Skip to main content
Certain roles are assigned to all users in projects. Rights to manage settings, resources, and other users are set according to assigned roles. All available roles, their descriptions, and the rights assigned to them are listed below.

Client administrator

Scope : Account Account Management:
  • Create, read, list, edit, and delete projects.
  • Invite other users to projects and assign specific roles to users (up to the Client Administrator).
  • Access all cost reports, tasks, and audit logs (user actions).
  • Read account quotas and request quota limits increases.
  • Create, read, list, edit, and delete resource reservations.
Resource Management:
  • Create, read, list, edit, and delete any cloud resources in any project of the account. This includes Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Managed Kubernetes, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, and more.

Project administrator

Scope : Project Account Management:
  • Invite other users to the project and assign specific roles to users (up to the Project Administrator).
  • Access cost reports, tasks, and audit logs (user actions) but only for a particular project. No access to the reservation cost report.
  • Read account quotas.
Resource Management:
  • Create, read, list, edit, and delete any cloud resources in the project, including Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Managed Kubernetes, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, and more.

Project user

Scope : Project Account Management:
  • Access cost report, tasks, and audit logs (user actions) but only for a particular project. No access to the reservation cost report.
  • Read account quotas.
Resource Management:
  • Create, read, list, edit, and delete any cloud resources in the project, including Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Managed Kubernetes, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, and more.

Project internal network only user

Scope : Project Account Management:
  • Access cost reports, tasks, and audit logs (user actions) but only for a particular project. No access to the reservation cost report.
  • Read account quotas.
Resource Management:
  • Limited access to create, read, list, edit, and delete cloud resources in the project. This includes Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, etc.
  • For Managed Kubernetes and Container-as-a-Service, only read-only access is allowed.
Extra Limitations:
  • Cannot create or modify any resources that can be accessible from the internet.
  • Cannot create resources with a public IP address (Virtual Machines, Bare Metal, GPU Cloud, Load Balancers, Managed Kubernetes).
  • Cannot use floating IP addresses.
  • Cannot edit any resources by attaching a public IP address.

Project observer

Scope : Project Account Management:
  • Access cost reports, tasks, and audit logs (user actions) but only for a particular project. No access to the reservation cost report.
  • Read account quotas.
Resource Management:
  • List and read any cloud resources in the project, including Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Managed Kubernetes, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, etc.