| copyright | lastupdated | keywords | subcollection | ||
|---|---|---|---|---|---|
|
2019-05-17 |
resource, access, role, action, permission, assign, administrator, operator, editor, viewer, user, managing |
vpc-on-classic |
{:shortdesc: .shortdesc} {:codeblock: .codeblock} {:screen: .screen} {:new_window: target="_blank"} {:pre: .pre} {:tip: .tip} {:note: .note} {:important: .important} {:table: .aria-labeledby="caption"}
{: #planning-virtual-servers-for-vpc-permissions}
When you're planning to provision {{site.data.keyword.vsi_is_full}}, you must understand the virtual server access available based on your user role. {:shortdesc}
Review the following table to learn more about user roles and the specific level of access each role encompasses.
- As an administrator you can define roles and take any available actions on {{site.data.keyword.vsi_is_short}}.
- As an editor you can modify the state and create or delete subresources.
- As an operator you can take actions that don't change the state of resources.
- As a viewer you can take actions that don't change the state of the resources.
| Virtual Server for VPC role | Description | Actions |
|---|---|---|
| Admin | All actions including the ability to manage access control. |
Access control:
Virtual Servers:
|
| Editor | Actions that can modify the state, as well as, create and delete sub-resources. |
Virtual Servers:
|
| Operator | Actions that do not change state |
Virtual Servers:
|
| Viewer | Actions that do not change state |
Virtual Servers:
|
When you create an instance, you must also have Operator access for the VPC and Security Group resources, if those resources are specified. Subnet and Floating IP resources inherit permissions from the associated VPC.
{: tip}
{: #next-manage-vpc-resource-permissions}
For more information on how to change a user's permissions, see Managing user permissions for VPC resources.