
Manage access to security groups

Access to security groups is regulated by:

Access within the role model

Read more about access within the role model in the Access Management in Servercore Products article.

member

User with full access to all services. Access management is not available for: users, service users, user groups, and federations.

Access scopes
  • Account;
  • Project
Who can be assigned
  • Users;
  • service users;
  • user groups
Available operations with security groups

In the Account access scope:

  • viewing the list of security groups and information about them in all projects;
  • creating and deleting security groups in all projects;
  • editing the name, description, and tags of a group in all projects;
  • assigning a group to a port and detaching a group from a port in all projects;
  • adding and removing rules in a group in all projects;
  • downloading the security group report for all projects

In the Project access scope:

  • viewing the list of security groups and information about them in the selected project;
  • creating and deleting a security group in the selected project;
  • editing the name, description, and tags of a group in the selected project;
  • assigning a group to a port and detaching a group from a port in the selected project;
  • adding and removing rules in a group in the selected project;
  • downloading the security group report for the selected project

iam.admin

User with access to user management and no access to services and billing. Cannot manage their account: change permissions, manage notifications, delete a user. The first user with the iam.admin role is created by the Account Owner.

Access scopes
  • Account
Who can be assigned
  • Users;
  • service users;
  • user groups
Available operations with security groups

iam.viewer

User with access to view everything that iam.admin manages.

Access scopes
  • Account
Who can be assigned
  • Users;
  • service users;
  • user groups
Available operations with security groups

reader

User with access to view everything available to member in the same access scope.

Access scopes
  • Account;
  • Project
Who can be assigned
  • Users;
  • service users;
  • user groups
Available operations with security groups

In the Account access scope:

  • viewing the list of security groups and information about them in all projects

In the Project access scope:

  • viewing the list of security groups and information about them in the selected project

vpc.admin

User with access to manage cloud platform networks (private networks and subnets, public subnets and public IP addresses, cloud routers), cloud firewalls, security groups, and cloud load balancers.

Access scopes
  • Account;
  • Project
Who can be assigned
  • Users;
  • service users;
  • user groups
Available operations with security groups

In the Account access scope:

  • viewing the list of security groups and information about them in all projects;
  • creating and deleting security groups in all projects;
  • editing the name, description, and tags of a group in all projects;
  • assigning a group to a port and detaching a group from a port in all projects;
  • adding and removing rules in a group in all projects;
  • downloading the security group report for all projects

In the Project access scope:

  • viewing the list of security groups and information about them in the selected project;
  • creating and deleting a security group in the selected project;
  • editing the name, description, and tags of a group in the selected project;
  • assigning a group to a port and detaching a group from a port in the selected project;
  • adding and removing rules in a group in the selected project;
  • downloading the security group report for the selected project

vpc.viewer

User with access to view everything that vpc.admin manages in the same access scope.

Access scopes
  • Account
Who can be assigned
  • Users;
  • service users;
  • user groups
Available operations with security groups

In the Account access scope:

  • viewing the list of security groups and information about them in all projects;
  • downloading the security group report for all projects

In the Project access scope:

  • viewing the list of security groups and information about them in the selected project;
  • downloading the security group report for the selected project

vpc.network_security.admin

Manage tools for traffic restriction — cloud firewalls, security groups.

Access scopes
  • Account;
  • Project
Who can be assigned
  • Users;
  • service users;
  • user groups
Available operations with security groups

In the Account access scope:

In the Project access scope:

vpc.network_security.user

User with access to view everything that vpc.network_security.admin manages in the same access scope. Also has access to manage security groups on ports in a private or public network.

Access scopes
  • Account;
  • Project
Who can be assigned
  • Users;
  • service users;
  • user groups
Available operations with security groups

In the Account access scope:

  • viewing the list of security groups and information about them in all projects;
  • assigning a group to a port and detaching a group from a port in all projects. In the Control Panel, this action is only available for the role through the security group page (in the top menu, click Products → Cloud Servers → Security Groups → group page);
  • downloading the security group report for all projects (additionally requires a combination of roles vpc.private_network.viewer and vpc.external_access.viewer, or the role vpc.viewer)

In the Project access scope:

  • viewing the list of security groups and information about them in the selected project;
  • assigning a group to a port and detaching a group from a port in the selected project;
  • downloading the security group report for the selected project (additionally requires a combination of roles vpc.private_network.viewer and vpc.external_access.viewer, or the role vpc.viewer)

vpc.network_security.viewer

User with access to view everything that vpc.network_security.admin manages in the same access scope.

Access scopes
  • Account;
  • Project
Who can be assigned
  • Users;
  • service users;
  • user groups
Available operations with security groups

In the Account access scope:

In the Project access scope: