Types and roles of users
User access rights are delimited through:
- user-types, which define where the account will be used — in the dashboard or for authorized access via APIs and automation tools;
- user roles, which define accesses within each user type.
Add and edit users can only be accessed by users with the Account Owner or User Administrator role.
User types and roles are temporarily unsupported in the following product and service groups:
- Cloud powered by VMware: Public Cloud powered by VMware, disaster recovery to Cloud powered by VMware, and others;
- network services (except CDN and DNS);
- additional services: monitoring and others.
In object storage, user access to the container can be changed according to the access policy, see Manage Object Storage Access for details.
Types of users
The user type is specified at add user and cannot be changed:
- control panel user — a user with an account in the control panel who registers in the control panel and passes two-step authentication via mail and phone number during authorization. May prescribe Selectel token (API key) for full access to Selectel's API products;
- service user — a user with an account for program access via Selectel Product API and other automation tools. Has only a username and password. Cannot access dashboard;
- federated user — a control-panel user who belongs to one of federations and is authenticated through SSO. Does not pass two-step authentication. The user is added already registered — he only needs to enter his full name at the first login. Mail is required. Does not have access to the API.
For more information about authorizing different types of users in the API, see the Authorization API Documentation instructions.
User Roles
Depending on user-type, a user can be assigned one or more roles.
Role Comparison
If a role has all the accesses of another role, the roles are not combined.
The role combinations Project Administrator and Project Viewer, Object Storage Administrator and Object Storage User cannot be assigned to the same project, but can be assigned to different ones.