Manage access to a global router

Access to a global router is governed by a role model that defines access within an account and project. Read more in the Access Control in Servercore Products.

member

A user with full access to all services. Does not have management access to: users, service users, user groups, and federations.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with a global router	In the Account access scope: Viewing a list of global routers, networks and subnets connected to them, and a list of static routes on the router; creating, modifying, and deleting global routers; adding, modifying, and deleting static routes on a global router; renaming networks and subnets connected to a global router; connecting an existing or new cloud platform network and subnet to a global router; connecting an existing or new dedicated server network and subnet to a global router; deleting a cloud platform network or subnet from a global router network, including deleting the cloud platform network or subnet itself; deleting a dedicated server network or subnet from a global router network
Available operations with a global router	In the Project access scope, operations with a global router are not available

iam.admin

A user with access to manage users, but no access to services and billing. Cannot manage their own account: change permissions, manage notifications, or delete a user. The first user with the iam.admin role is created by the Account Owner.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations with a global router	Manage users, service users, user groups with access to a global router, as well as manage federations

iam.viewer

A user with access to view everything managed by iam.admin.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations with a global router	View users, service users, user groups with access to a global router, as well as view federations

reader

A user with access to view everything managed by member within the same access scope.

Access scopes	Account; Project
Can be assigned to	Users; service users; user groups
Available operations with a global router	In the Account access scope: viewing a list of global routers, connected networks and subnets, and a list of static routes on the router
Available operations with a global router	In the Project access scope, operations with a global router are not available

global_router.admin

User with access to manage global routers in the account. Does not have access to other products.

Access scopes Account

Can be assigned to

Users;
service users;
user groups

Available operations with a global router

Viewing a list of global routers, networks and subnets connected to them, and a list of static routes on the router;
creating, modifying, and deleting global routers;
adding, modifying, and deleting static routes on a global router;
renaming networks and subnets connected to a global router.

For other operations with global router networks, the member role is additionally required (Project or Account access scope):

connecting an existing or new cloud platform network and subnet to a global router;
connecting an existing or new dedicated server network and subnet to a global router;
deleting a cloud platform network or subnet from a global router network, including deleting the cloud platform network or subnet itself;
deleting a dedicated server network or subnet from a global router network

global_router.viewer

User with access to view global routers and their networks. Does not have access to other products.

Access scopes	Account
Can be assigned to	Users; service users; user groups
Available operations with a global router	Viewing a list of global routers, networks and subnets connected to them, and a list of static routes on the router