Certain roles are assigned to all users in projects. Rights to manage settings, resources, and other users are set according to assigned roles.
All available roles, their descriptions, and the rights assigned to them are listed below.
Client Administrator
Scope: Account
Account Management:
Create, read, list, edit, and delete projects.
Invite other users to projects and assign specific roles to users (up to the Client Administrator).
Access all cost reports, tasks, and audit logs (user actions).
Read account quotas and request quota limits increases.
Create, read, list, edit, and delete resource reservations.
Resource Management:
Create, read, list, edit, and delete any cloud resources in any project of the account. This includes Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Managed Kubernetes, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, and more.
Project Administrator
Scope: Project
Account Management:
Invite other users to the project and assign specific roles to users (up to the Project Administrator).
Access cost reports, tasks, and audit logs (user actions) but only for a particular project. No access to the reservation cost report.
Read account quotas.
Resource Management:
Create, read, list, edit, and delete any cloud resources in the project, including Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Managed Kubernetes, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, and more.
Project User
Scope: Project
Account Management:
Access cost report, tasks, and audit logs (user actions) but only for a particular project. No access to the reservation cost report.
Read account quotas.
Resource Management:
Create, read, list, edit, and delete any cloud resources in the project, including Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Managed Kubernetes, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, and more.
Project Internal Network Only User
Scope: Project
Account Management:
Access cost reports, tasks, and audit logs (user actions) but only for a particular project. No access to the reservation cost report.
Read account quotas.
Resource Management:
Limited access to create, read, list, edit, and delete any cloud resources in the project. This includes Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Managed Kubernetes, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, etc.
Extra Limitations:
Cannot create resources with a public IP address (Virtual Machines, Bare Metal, GPU Cloud, Load Balancers, Managed Kubernetes).
Cannot use floating IP addresses.
Cannot edit any resources by attaching a public IP address.
Project Observer
Scope: Project
Account Management:
Access cost reports, tasks, and audit logs (user actions) but only for a particular project. No access to the reservation cost report.
Read account quotas.
Resource Management:
List and read any cloud resources in the project, including Virtual Machines, Bare Metal, Volumes, Snapshots, File Shares, GPU Cloud, Managed Kubernetes, Function as a Service, Managed Logging, Images, SSH Keys, Networks, Firewalls, Load Balancers, etc.
Was this article helpful?
Not a Gcore user yet?
Discover our offerings, including virtual instances starting from 3.7 euro/mo, bare metal servers, AI Infrastructure, load balancers, Managed Kubernetes, Function as a Service, and Centralized Logging solutions.