
Access control in Servercore products

Projects and users are used to separate access to Servercore products.

When an account is registered, a main user, the Account Owner, is created automatically and has access to manage all account resources. The Account Owner can create additional users. Users can be of different types and can be given different permissions, that is, assigned roles within a certain access area.

Besides the Account Owner, users with the iam_admin role can manage other users. For more information about the capabilities of each role, see the Role Reference.

Users can be added to groups to manage multiple users as one.

Users and roles can be managed in the control panel, using the IAM API or Terraform.

Access control is limited in some Servercore products.

Permissions

A permission defines which operations a user can perform on which group of resources.

A permission consists of an access area and a role.

A permission can be assigned to different subjects: a user, a service user or a group. You can assign multiple permissions and change them.

Access areas

Access area: the group of resources for which a permission is granted. The access area of a permission can be:

  • account — all resources of the account, including resources of all projects;
  • projects (project) — resources of selected projects.

Roles

A role is a set of authorized operations on specific types of resources or settings. A role defines access within the access area that is specified in the permission.

Depending on the type of user, you can assign roles in different access areas. For more information about the capabilities of each role, see the Role Reference.

Role model update

Before the role model was updated in September 2025, users' access was determined only by their roles. After the update, the old concept of a role corresponds to a permission: a combination of a role and an access area. Roles have been renamed. Role capabilities have not changed.

| Old role title            | Role                 | Access area |
|---------------------------|----------------------|-------------|
| Account administrator     | member               | Account     |
| Project Administrator     | member               | project     |
| Billing administrator     | billing              | Account     |
| User Administrator        | iam_admin            | Account     |
| Account Supervisor        | reader               | Account     |
| Project Observer          | reader               | project     |
| S3 Administrator          | object_storage_admin | project     |
| User S3                   | object_storage_user  | project     |
| Mobile farm administrator | mobile_farm_admin    | project     |
| Mobile farm user          | mobile_farm_user     | project     |
| Mobile Farm Supervisor    | mobile_farm_viewer   | project     |
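
A least-privilege review over the permission model described above (a role plus an access area, assigned to a user, service user or group), as an added example that is not Servercore code. The data layout, the subject and project names, and the assumption that a subject's effective permissions are the union of its own and its groups' permissions are illustrative and not taken from this page.

```python
from dataclasses import dataclass
from typing import Optional

# Roles the table above lists with both an account and a project access area.
PROJECT_SCOPABLE = {"member", "reader"}
# Role that lets a user manage other users (account access area in the table).
USER_MANAGEMENT = {"iam_admin"}


@dataclass(frozen=True)
class Permission:
    role: str
    scope: str                     # "account" or "project"
    project: Optional[str] = None  # project name when scope == "project"


def effective_permissions(subject, direct, groups, membership):
    """Own permissions plus those of every group (union is an assumption)."""
    perms = set(direct.get(subject, ()))
    for group in membership.get(subject, ()):
        perms |= set(groups.get(group, ()))
    return perms


def review(subject, direct, groups, membership):
    """Return sorted least-privilege findings for one subject."""
    findings = []
    for p in effective_permissions(subject, direct, groups, membership):
        if p.scope == "account" and p.role in PROJECT_SCOPABLE:
            findings.append(f"{p.role}@account: could be narrowed to selected projects")
        if p.role in USER_MANAGEMENT:
            findings.append(f"{p.role}@account: can manage other users")
    return sorted(findings)


# Constructed sample data (hypothetical names, not a real export).
DIRECT = {
    "alice": [Permission("reader", "project", "web-prod")],
    "ci-bot": [Permission("member", "account")],  # a service user
}
GROUPS = {"ops": [Permission("iam_admin", "account"),
                  Permission("member", "project", "web-prod")]}
MEMBERSHIP = {"alice": ["ops"]}

if __name__ == "__main__":
    for who in ("alice", "ci-bot"):
        print(who, review(who, DIRECT, GROUPS, MEMBERSHIP))
```

The review shows that a user whose own permission is a project-level reader can still hold user-management rights through a group, which a per-user listing alone would miss.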

Access control limitations in some products

Some products and services do not support splitting resources into projects or have their own access system:

  • VMware-based cloud products: VMware-based public cloud, VMware-based cloud disaster recovery, VMware-based remote desktop rental;
  • Servercore Mail Service;
  • Direct Connect;
  • Global Connect;
  • IP address accounting;
  • DDoS protection;
  • Fault-tolerant load balancer;
  • ML and data processing: AI marketplace, ML platform, Data processing platform;
  • backup and recovery products: Backup by Agents, Veeam Cloud Connect, Cyber Backup Cloud;
  • Monitoring;
  • Loglines.

In S3, a user's access to a bucket can be changed with an access policy; for details, see the Manage Access in S3 instructions.