Skip to main content

Manage access to cloud platform networks

Access to cloud platform networks is regulated:

Role model access

For more information about role model access, see the Access Control in Servercore Products manual.

This guide describes the roles for accessing cloud platform network resources: private networks, subnets and ports, public subnets and ports, public IP addresses, and cloud routers. Access to load balancers, access to cloud firewalls, and access to security groups are regulated separately.

member

User with full access to all services. Access control is not available for: users, service users, user groups and federations.

Access areas
  • Account
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

In the Account access area:

  • View a list of all network resources in the cloud platform and information about them in all projects;

  • manage private networks, subnets and ports in all projects:

    • Creating and deleting a network and subnet;
    • Change the name and tags of the network and subnet;
    • setting up network access in different projects;
    • changing automatic subnet network settings (gateway, DNS servers, static routes, DHCP status);
    • Connecting the subnet to and disconnecting from the cloud router;
    • connect the network to and disconnect from the global router;
    • creating a port on the network and deleting a port;
    • Enable or disable the port on the network;
    • Manage authorized addresses and security groups on a port on the network;

  • management of public subnets in all projects:

    • creating and deleting a subnet;
    • changing the subnet name and tags;
    • changing DNS servers;
    • configuring subnet access in different projects;
    • Create and delete a port on a subnet;

  • management of public IP addresses in all projects:

    • creating and deleting an IP address;
    • connecting an IP address to a port on a private network;
    • switching between ports;
    • disconnecting from the port;

  • Cloud router management in all projects:

    • creating and deleting a router;
    • changing the router name and tags;
    • turning the router on and off;
    • connect the router to an external network and disconnect from it;
    • managing static routes on the router;
    • Connecting a private subnet to and disconnecting from the router

In the access area Project:

  • View a list of all network resources in the cloud platform and information about them in the selected project;

  • manage private networks, subnets, and ports in the selected project:

    • Creating and deleting a network and subnet;
    • Change the name and tags of the network and subnet;
    • setting up network access in different projects (access to each project is required);
    • changing automatic subnet network settings (gateway, DNS servers, static routes, DHCP status);
    • Connecting the subnet to and disconnecting from the cloud router;
    • creating a port on the network and deleting a port;
    • Enable or disable the port on the network;
    • Manage authorized addresses and security groups on a port;

  • management of public subnets in the selected project:

    • creating and deleting a subnet;
    • changing the subnet name and tags;
    • changing DNS servers;
    • configuring subnet access in different projects;
    • Create and delete a port on a subnet;
    • Enable or disable the port on the network;

  • management of public IP addresses in the selected project:

    • creating and deleting an IP address;
    • connecting an IP address to a port on a private network;
    • switching between ports;
    • disconnecting from the port;

  • Managing cloud routers in the selected project:

    • creating and deleting a router;
    • changing the router name and tags;
    • turning the router on and off;
    • connect the router to an external network and disconnect from it;
    • managing static routes on the router;
    • Connecting a private subnet to and disconnecting from the router

iam_admin

User with access to user management and without access to services and billing. Cannot manage his account: change permissions, manage notifications, delete the user. The first user with the iam_admin role is created by the Account Owner.

Access areasAccount
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

reader

A user with access to view everything he controls member in the same access area.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

In the Account access area:

  • View a list of all network resources in the cloud platform and information about them in all projects

In the access area Project:

  • View a list of all network resources of the cloud platform and information about them in the selected project

vpc.admin

User with access to manage cloud platform networks (private networks and subnets, public subnets and public IP addresses, cloud routers), cloud firewalls, security groups, cloud load balancers.

It is not available to add ports to the cloud server or delete ports added to the cloud server, this requires the role of member.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

In the Account access area:

  • View a list of all network resources in the cloud platform and information about them in all projects;

  • manage private networks, subnets and ports in all projects:

    • Creating and deleting a network and subnet;
    • Change the name and tags of the network and subnet;
    • changing automatic subnet network settings (gateway, DNS servers, static routes, DHCP status);
    • Connecting the subnet to and disconnecting from the cloud router;
    • Connecting a subnet to and disconnecting from the global router (additionally requires the role of global_router.admin);
    • Create a port on the network (not assigned to a cloud server) and delete a port on the network (other than those assigned to a cloud server);
    • Enable or disable the port on the network;

  • management of public subnets in all projects:

    • creating and deleting a subnet;
    • changing the subnet name and tags;
    • changing DNS servers;
    • Create and delete a port on a subnet;
    • Enable or disable the port on the network;

  • management of public IP addresses in all projects:

    • creating and deleting an IP address;
    • connecting an IP address to a port on a private network;
    • switching between ports;
    • disconnecting from the port;

  • Cloud router management in all projects:

    • creating and deleting a router;
    • changing the router name and tags;
    • turning the router on and off;
    • connect the router to an external network and disconnect from it;
    • managing static routes on the router;
    • Connecting a private subnet to and disconnecting from the router

In the access area Project:

  • View a list of all network resources in the cloud platform and information about them in the selected project;

  • manage private networks, subnets, and ports in the selected project:

    • Creating and deleting a network and subnet;
    • Change the name and tags of the network and subnet;
    • changing automatic subnet network settings (gateway, DNS servers, static routes, DHCP status);
    • Connecting the subnet to and disconnecting from the cloud router;
    • Connecting a subnet to and disconnecting from the global router (additionally requires the role of global_router.admin);
    • Create a port on the network (not assigned to a cloud server) and delete a port on the network (other than those assigned to a cloud server);
    • Enable or disable the port on the network;

  • management of public subnets in the selected project:

    • creating and deleting a subnet;
    • changing the subnet name and tags;
    • changing DNS servers;
    • Create and delete a port on a subnet;
    • Enable or disable the port on the network;

  • management of public IP addresses in the selected project:

    • creating and deleting an IP address;
    • connecting an IP address to a port on a private network;
    • switching between ports;
    • disconnecting from the port;

  • Managing cloud routers in the selected project:

    • creating and deleting a router;
    • changing the router name and tags;
    • turning the router on and off;
    • connect the router to an external network and disconnect from it;
    • managing static routes on the router;
    • Connecting a private subnet to and disconnecting from the router

vpc.viewer

User with access to view everything he controls vpc.admin in the same access area.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

In the Account access area:

  • View a list of all network resources in the cloud platform and information about them in all projects

In the access area Project:

  • View a list of all network resources of the cloud platform and information about them in the selected project

vpc.private_network.admin

A user with access to manage private networks, subnets, and ports.

It is not available to add ports to the cloud server or delete ports added to the cloud server, this requires the role of member.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

In the Account access area:

  • View the list of private networks, subnets, ports and information about them in all projects;

  • manage private networks, subnets and ports in all projects:

    • Creating and deleting a network and subnet;
    • Change the name and tags of the network and subnet;
    • changing automatic subnet network settings (gateway, DNS servers, static routes, DHCP status);
    • connecting the subnet to and disconnecting from the cloud router (additionally requires the role of vpc.external_access.admin);
    • Connecting a subnet to and disconnecting from the global router (additionally requires the role of global_router.admin);
    • Create a port on the network (not assigned to a cloud server) and delete a port on the network (other than those assigned to a cloud server);
    • Enabling and disabling the port on the network

In the access area Project:

  • view the list of private networks, subnets, ports and information about them in the selected project;

  • manage private networks, subnets, and ports in the selected project:

    • Creating and deleting a network and subnet;
    • Change the name and tags of the network and subnet;
    • changing automatic subnet network settings (gateway, DNS servers, static routes, DHCP status);
    • connecting the subnet to and disconnecting from the cloud router (additionally requires the role of vpc.external_access.admin);
    • Connecting a subnet to and disconnecting from the global router (additionally requires the role of global_router.admin);
    • Create a port on the network (not assigned to a cloud server) and delete a port on the network (other than those assigned to a cloud server);
    • Enabling and disabling the port on the network

vpc.private_network.viewer.

A user with access to view everything they manage vpc.private_network.admin in the same access area.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

In the Account access area:

  • View the list of private networks, subnets, ports and information about them in all projects

In the access area Project:

  • View the list of private networks, subnets, ports and information about them in the selected project

vpc.external_access.admin

User with access to manage objects for internet access - public subnets, public IP addresses, cloud routers.

It is not available to add ports to the cloud server or delete ports added to the cloud server, this requires the role of member.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

In the Account access area:

  • View a list of public subnets and public IP addresses, ports on public networks, cloud routers and information about them in all projects;

  • management of public subnets in all projects:

    • creating and deleting a subnet;
    • changing the subnet name and tags;
    • changing DNS servers;
    • Create and delete a port on a subnet;
    • Enabling and disabling the port on the network

  • management of public IP addresses in all projects:

    • creating and deleting an IP address;
    • connecting an IP address to a port on a private network;
    • switching between ports;
    • disconnecting from the port;

  • Cloud router management in all projects:

    • creating and deleting a router;
    • changing the router name and tags;
    • turning the router on and off;
    • connect the router to an external network and disconnect from it;
    • managing static routes on the router;
    • connecting a private subnet to the router and disconnecting from it (additionally requires the role of vpc.private_network.admin)

In the access area Project:

  • View a list of public subnets and public IP addresses, ports on public networks, cloud routers and information about them in the selected project;

  • management of public subnets in the selected project:

    • creating and deleting a subnet;
    • changing the subnet name and tags;
    • changing DNS servers;
    • Create and delete a port on a subnet;
    • Enabling and disabling the port on the network

  • management of public IP addresses in the selected project:

    • creating and deleting an IP address;
    • connecting an IP address to a port on a private network;
    • switching between ports;
    • disconnecting from the port;

  • Managing cloud routers in the selected project:

    • creating and deleting a router;
    • changing the router name and tags;
    • turning the router on and off;
    • connect the router to an external network and disconnect from it;
    • managing static routes on the router;
    • connecting a private subnet to the router and disconnecting from it (additionally requires the role of vpc.private_network.admin)

vpc.external_access.user

A user with access to view everything he controls vpc.external_access.admin in the same access area, and with access to manage public IP addresses.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

In the Account access area:

  • View a list of public subnets and public IP addresses, ports on public networks, cloud routers and information about them in all projects;

  • management of public IP addresses in all projects:

    • connecting an IP address to a port on a private network, switching between ports, disconnecting from a port

In the access area Project:

  • View a list of public subnets and public IP addresses, ports on public networks, cloud routers and information about them in the selected project;

  • management of public IP addresses in the selected project:

    • connecting an IP address to a port on a private network, switching between ports, disconnecting from a port

vpc.external_access.viewer.

A user with access to view everything he controls vpc.external_access.admin in the same access area.

Access areas
  • Account;
  • project
Who can be prescribed
  • Users;
  • to service users;
  • user groups
Available cloud platform network operations

In the Account access area:

  • View a list of public subnets and public IP addresses, ports on public networks, cloud routers and information about them in all projects

In the access area Project:

  • View the list of public subnets and public IP addresses, ports in public networks, cloud routers and information about them in the selected project