IAM Features

When setting up access for additional users, there are certain nuances to consider. Below, we explain them in more detail.

Access Combinations

Some parts of the control panel are closely linked with specific types of services (for example, SSH keys are tied to cloud servers).

When the account owner grants access to a section that has related functionality, the user will automatically receive the same level of access to those related features.

All access combinations are listed below:

Servers:

• Cloud Servers
• SSH Keys
• Images
• Private Networks
• Firewall
• Public IPs

Databases:

• Databases
• Private Networks
• Firewall
• Public IPs

Balancers:

• Load Balancers
• Private Networks
• Firewall
• Public IPs

Networks:

• Private Networks
• Firewall
• Public IPs

Domains:

• Domains
• Domain Administrators

Access to the Finances section is always granted for the entire account. Even if a user is limited to specific projects, the Billing section will show all account services.

Available to All Users

Each additional user can:

• Enable or disable dark mode
• Access the API section

Any token issued by an additional user will have the same permissions as the user themselves. 

Available to Account Owner Only

The following sections and options are always available only to the account owner:

• Notifications
• Users
• Feedback
• News
• Referral Program
• Project Management (creating, deleting projects, and moving services between projects)

"Read Only" Access

It’s important to note that the "Read only" permission allows a user to see all information in a section, including passwords.

For example, a user with "Read only" access to the Databases and Cloud Servers sections won’t be able to create or delete servers or databases in the panel, but they can still retrieve access credentials and connect via standard methods (e.g., SSH).

Creating Services Without Access to Finances

Users with "Management" access to a specific section can create new services in that section, even if they cannot access the Finances section or view the balance.

If the account balance is sufficient, the service will be successfully created.

Contacting Support

When an additional user contacts support, we check their access level for the section related to the request.

Management: Support can perform all actions available for the service except deletion. The client must delete resources themselves.

Read only: Support cannot perform any actions on the service without approval from the primary account. In this case, we require additional verification of the user as the account owner or ask the primary account to submit the request.

No access: We do not disclose any information about the service. To proceed, we must verify the user as the primary account holder or receive the request directly from the account owner.

Restrictions

• Server transfers between accounts: Only primary users can submit these requests.
• Deletion and backup restoration: Support does not perform these actions.
• Adding or configuring additional users: Only the account owner can do this.
• Access issues: If an additional user has trouble accessing the account or specific sections, they must contact the account owner directly to resolve the issue.