Skip to main content

Manage access to cloud servers and flavors

Access to cloud servers and flavors is governed by a role model that defines access within an account and project. Read more in the Access Control in Servercore Products.

member

User with full access to all services. Does not have access to manage: users, service users, user groups, and federations.

Access scopes
  • account;
  • project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

In the Account access scope:

  • viewing all project quotas (default quotas, modified quota values, and used quotas);

  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings;

  • viewing statistics for cloud servers;

  • managing cloud servers:

    • creating cloud servers;
    • changing cloud server configurations;
    • changing the OS administrator password;
    • adding and removing private and public IP addresses;
    • adding and removing cloud server ports;
    • adding and removing security groups;
    • creating cloud server backups;
    • creating cloud server images;
    • connecting and disconnecting network volumes to cloud servers;
    • powering on and off cloud servers;
    • enabling and disabling the Rescue mode for cloud servers;
    • adding and removing cloud server tags;
    • adding and removing cloud servers from a placement group;
    • pausing and freezing cloud servers;
    • resuming cloud servers after pausing or freezing;
    • rebuilding cloud servers;
    • restoring cloud servers after soft deletion;
    • deleting cloud servers;

  • using the console;

  • viewing Syslog;

  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;

  • managing flavors:

    • creating private flavors;
    • configuring access to flavors in projects;
    • deleting flavors;

  • viewing the list of SSH keys and information about them;

  • managing SSH keys:

    • creating or importing SSH keys;
    • deleting SSH keys;

  • viewing the list of placement groups and information about them: group name, placement policy condition;

  • managing placement groups:

    • creating placement groups;
    • deleting placement groups

In the Project access scope:

  • viewing project quotas (default quotas, modified quota values, and used quotas);

  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings;

  • viewing statistics for cloud servers;

  • managing cloud servers:

    • creating cloud servers;
    • changing cloud server configurations;
    • changing the OS administrator password;
    • adding and removing IP addresses, public IP addresses;
    • adding and removing cloud server ports;
    • adding and removing security groups;
    • creating cloud server backups;
    • creating cloud server images;
    • connecting and disconnecting network volumes to cloud servers;
    • powering on and off cloud servers;
    • enabling and disabling the Rescue mode for cloud servers;
    • adding and removing cloud server tags;
    • adding and removing cloud servers from a placement group;
    • pausing and freezing cloud servers;
    • resuming cloud servers after pausing or freezing;
    • rebuilding cloud servers;
    • restoring cloud servers after soft deletion;
    • deleting cloud servers;

  • using the console;

  • viewing Syslog;

  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;

  • managing flavors:

    • creating private flavors;
    • configuring access to flavors in projects;
    • deleting flavors;

  • viewing the list of SSH keys and information about them;

  • managing SSH keys:

    • creating or importing SSH keys;
    • deleting SSH keys;

  • viewing the list of placement groups and information about them: group name, placement policy condition;

  • managing placement groups:

    • creating placement groups;
    • deleting placement groups

reader

A user with access to view everything managed by member in the same access scope.

Access scopes
  • account;
  • project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

In the Account access scope:

  • viewing all project quotas (default quotas, modified quota values, and used quotas);
  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;
  • viewing statistics for cloud servers;
  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;
  • viewing the list of SSH keys and information about them;
  • viewing the list of placement groups and information about them: group name, placement policy condition

In the Project access scope:

  • viewing project quotas (default quotas, modified quota values, and used quotas);
  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;
  • viewing statistics for cloud servers;
  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;
  • viewing the list of SSH keys and information about them;
  • viewing the list of placement groups and information about them: group name, placement policy condition

billing

A user with access to billing management and no access to service management.

Access scopesAccount
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers
  • billing management

iam.admin

User with access to manage users, without access to services and billing. Cannot manage their own account: change permissions, manage notifications, or delete a user. The first user with the iam.admin role is created by the Account Owner.

Access scopesAccount
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

iam.viewer

A user with access to view everything managed by iam.admin.

Access scopesAccount
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

compute.admin

User with access to manage cloud servers, flavors, and placement groups. Does not have access to other products.

Access scopes
  • account;
  • project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

In the Account access scope:

  • viewing all project quotas (default quotas, modified quota values, and used quotas);

  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;

  • viewing statistics for cloud servers;

  • managing cloud servers:

    • creating cloud servers;
    • changing cloud server configurations;
    • changing the OS administrator password;
    • adding and removing private and public IP addresses *;
    • adding and removing cloud server ports *;
    • adding and removing security groups *;
    • creating cloud server backups;
    • creating cloud server images;
    • connecting and disconnecting network volumes to cloud servers;
    • powering on and off cloud servers;
    • enabling and disabling the Rescue mode for cloud servers;
    • adding and removing cloud server tags;
    • adding and removing cloud servers from a placement group;
    • pausing and freezing cloud servers;
    • resuming cloud servers after pausing or freezing;
    • rebuilding cloud servers;
    • restoring cloud servers after soft deletion;
    • deleting cloud servers;

  • using the console;

  • viewing Syslog;

  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;

  • managing flavors:

    • creating private flavors;
    • configuring access to flavors in projects;
    • deleting flavors;

  • viewing the list of SSH keys and information about them;

  • managing SSH keys:

    • creating or importing SSH keys;
    • deleting SSH keys;

  • viewing the list of placement groups and information about them: group name, placement policy condition;

  • managing placement groups:

    • creating placement groups;
    • deleting placement groups

In the Project access scope:

  • viewing project quotas (default quotas, modified quota values, and used quotas);

  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;

  • viewing statistics for cloud servers;

  • managing cloud servers:

    • creating cloud servers;
    • changing cloud server configurations;
    • changing the OS administrator password;
    • adding and removing private and public IP addresses *;
    • adding and removing cloud server ports *;
    • adding and removing security groups *;
    • creating cloud server backups;
    • creating cloud server images;
    • connecting and disconnecting network volumes to cloud servers;
    • powering on and off cloud servers;
    • enabling and disabling the Rescue mode for cloud servers;
    • adding and removing cloud server tags;
    • adding and removing cloud servers from a placement group;
    • pausing and freezing cloud servers;
    • resuming cloud servers after pausing or freezing;
    • rebuilding cloud servers;
    • restoring cloud servers after soft deletion;
    • deleting cloud servers;

  • using the console;

  • viewing Syslog;

  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;

  • managing flavors:

    • creating private flavors;
    • configuring access to flavors in projects;
    • deleting flavors;

  • viewing the list of SSH keys and information about them;

  • managing SSH keys:

    • creating or importing SSH keys;
    • deleting SSH keys;

  • viewing the list of placement groups and information about them: group name, placement policy condition;

  • managing placement groups:

    • creating placement groups;
    • deleting placement groups

* In addition to the compute.admin role, the user must have a role with access to manage cloud platform networks.

compute.viewer

User with access to view cloud servers, flavors, and placement groups. Does not have access to other products.

Access scopes
  • account;
  • project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

In the Account access scope:

  • viewing all project quotas (default quotas, modified quota values, and used quotas);
  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;
  • viewing statistics for cloud servers;
  • viewing Syslog;
  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;
  • viewing the list of SSH keys and information about them;
  • viewing the list of placement groups and information about them: group name, placement policy condition

In the Project access scope:

  • viewing project quotas (default quotas, modified quota values, and used quotas);
  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;
  • viewing statistics for cloud servers;
  • viewing Syslog;
  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;
  • viewing the list of SSH keys and information about them;
  • viewing the list of placement groups and information about them: group name, placement policy condition

compute.server.user

User with access to manage cloud servers. Does not have access to other products.

Access scopes
  • account;
  • project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

In the Account access scope:

  • viewing all project quotas (default quotas, modified quota values, and used quotas);

  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;

  • viewing statistics for cloud servers;

  • managing cloud servers:

    • changing the OS administrator password;
    • adding and removing private and public IP addresses *;
    • adding and removing cloud server ports *;
    • adding and removing security groups *;
    • creating cloud server backups *;
    • creating cloud server images *;
    • connecting and disconnecting network volumes to cloud servers *;
    • powering on and off cloud servers;
    • enabling and disabling the Rescue mode for cloud servers *;
    • adding and removing cloud server tags;
    • adding and removing cloud servers from a placement group;

  • using the console;

  • viewing Syslog;

  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;

  • viewing the list of SSH keys and information about them;

  • managing SSH keys:

    • creating or importing SSH keys;
    • deleting SSH keys

In the Project access scope:

  • viewing project quotas (default quotas, modified quota values, and used quotas);

  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;

  • viewing statistics for cloud servers;

  • managing cloud servers:

    • changing the OS administrator password;
    • adding and removing private and public IP addresses *;
    • adding and removing cloud server ports *;
    • adding and removing security groups *;
    • creating cloud server backups *;
    • creating cloud server images *;
    • connecting and disconnecting network volumes to cloud servers *;
    • powering on and off cloud servers;
    • enabling and disabling the Rescue mode for cloud servers *;
    • adding and removing cloud server tags;
    • adding and removing cloud servers from a placement group;

  • using the console;

  • viewing Syslog;

  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;

  • viewing the list of SSH keys and information about them;

  • managing SSH keys:

    • creating or importing SSH keys;
    • deleting SSH keys

* In addition to the compute.server.user role, the user must have a role with access to manage cloud platform networks, networks volumes, images and backups.

compute.server.viewer

User with access to view cloud servers. Does not have access to other products.

Access scopes
  • account;
  • project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

In the Account access scope:

  • viewing all project quotas (default quotas, modified quota values, and used quotas);
  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;
  • viewing statistics for cloud servers;
  • viewing Syslog;
  • viewing the list of flavors and information about them: flavor name, vCPU count, RAM, and local disk size;
  • viewing the list of SSH keys and information about them

In the Project access scope:

  • viewing project quotas (default quotas, modified quota values, and used quotas);
  • viewing the list of cloud servers and information about them: server type, configuration type, number of vCPU, memory size, attached volumes, security groups, network settings, tags;
  • viewing statistics for cloud servers;
  • viewing Syslog;
  • viewing the list of flavors and information about them: flavor name, vCPU count, RAM, and local disk size;
  • viewing the list of SSH keys and information about them

compute.flavor.admin

User with access to manage cloud server flavors. Does not have access to other products.

Access scopes
  • account;
  • project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

In the Account access scope:

  • viewing all project quotas (default quotas);

  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;

  • managing flavors:

    • creating private flavors;
    • configuring access to flavors in projects;
    • deleting flavors;

  • viewing the list of SSH keys and information about them

In the Project access scope:

  • viewing project quotas (default quotas);

  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size;

  • managing flavors:

    • creating private flavors;
    • configuring access to flavors in projects;
    • deleting flavors;

  • viewing the list of SSH keys and information about them

compute.flavor.viewer

User with access to view cloud server flavors. Does not have access to other products.

Access scopes
  • account;
  • project
Who can be assigned
  • users;
  • service users;
  • user groups
Available operations with cloud servers and flavors

In the Account access scope:

  • viewing all project quotas (default quotas);
  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size
  • viewing the list of SSH keys and information about them

In the Project access scope:

  • viewing project quotas (default quotas);
  • viewing the list of flavors and information about them: flavor name, number of vCPU, RAM, and local disk size
  • viewing the list of SSH keys and information about them