Manage log access

Access to logs is governed by a role model, which defines access within an account and project. Read more in the Access Control in Servercore Products manual.

member

User with full access to all services. Does not have management access to: users, service users, user groups, and federations.

Access scopes	account; project
Who can be assigned	users; service users; user groups
Available log operations	In the Account access scope: viewing logs in the Control Panel and using available tools; log management: receiving logs to user storage using agents; adding custom logs; creating log groups and event streams; deleting log groups and event streams; adding events to an event stream; changing the log retention period; deleting logs
Available log operations	In the Project access scope: viewing logs in the Control Panel and using available tools; log management: receiving logs to user storage using agents; adding custom logs; creating log groups and event streams; deleting log groups and event streams; adding events to an event stream; changing the log retention period; deleting logs

reader

A user with access to view everything that a member manages in the same access scope.

Access scopes	account; project
Who can be assigned	users; service users; user groups
Available log operations	In the Account access scope: viewing logs in the Control Panel and using available tools
Available log operations	In the Project access scope: viewing logs in the Control Panel and using available tools

iam.admin

User with access to user management and no access to services or billing. Cannot manage their account: change permissions, manage notifications, or delete a user. The first user with the iam.admin role is created by the Account Owner.

Access scopes	Account
Who can be assigned	users; service users; user groups
Available log operations	manage users, service users, user groups with access to logs

iam.viewer

A user with access to view everything that an iam.admin manages.

Access scopes	Account
Who can be assigned	users; service users; user groups
Available log operations	view users, service users, user groups; viewing user keys

logs.admin

User with access to log management. Does not have access to other products.

Access scopes	account; project
Who can be assigned	users; service users; user groups
Available log operations	In the Account access scope: viewing logs in the Control Panel and using available tools; log management: receiving logs to user storage using agents; adding custom logs; creating log groups and event streams; deleting log groups and event streams; adding events to an event stream; changing the log retention period; deleting logs
Available log operations	In the Project access scope: viewing logs in the Control Panel and using available tools; log management: receiving logs to user storage using agents; adding custom logs; creating log groups and event streams; deleting log groups and event streams; adding events to an event stream; changing the log retention period; deleting logs

logs.writer

User with access to add logs to the Log service. Does not have access to other products.

Access scopes	account; project
Who can be assigned	users; service users; user groups
Available log operations	In the Account access scope: log management: adding logs from user storage using available tools; creating log groups and event streams
Available log operations	In the Project access scope: log management: adding logs from user storage using available tools; creating log groups and event streams

logs.viewer

User with access to view logs. Does not have access to other products.

Access scopes	account; project
Who can be assigned	users; service users; user groups
Available log operations	In the Account access scope: viewing logs in the Control Panel and using available tools
Available log operations	In the Project access scope: viewing logs in the Control Panel and using available tools