Access Level

[Update: March 28, 2018]

The following describes how to set the Access Level function.

1. Overview

Access Level is a function that limits the scope of control panel and API operations for each user-account combination. Usability and security are enhanced by setting an access level suitable to the role of each user.

Only the administrator (a user who logs in to the control panel through SAKURA internet member ID authentication) is authorized to set the Access Level function.

When using API keys, an access level needs to be set for each API key added to an account.

*Only an administrator/user with Create/Delete authorization will be able to log into the control panel and set the API key access level.

2. Access level and operation authority

There are four tiers of authorization for resource operations, with each higher level incorporating and extending the authorization of the levels below it.

Level of authorization | Operations permitted within a target account
  1. View resources
● View resources
  2. Power operation
● Server/appliance power operation
● Server remote console operation
  3. Modify settings
● Create/delete resources without affecting billing amounts
● Change settings of pre-existing resources
  4. Create/Delete
● All operations, including those that affect billing amounts
● Issuance of and reference to API keys

Operations requiring authorization higher than the set access level will have their buttons disabled on the control panel, and cannot be performed.

*With the API, an attempt to perform an operation for which you are unauthorized returns error code "403" (Forbidden), and the operation is not executed.

Access to the event log and billing information, as well as to the object storage and web accelerator control panels, can be set individually and independently of the resource operation access levels set for each account.

Authorization name | Authorized operations
Authorization to view billing information | Referring to a selected account's billing information
Object storage | Object storage control panel access
Web accelerator | Web accelerator control panel access
Event log | View event log

At each user’s home screen, only icons for authorized functions will be displayed.

[Figure: Page to be displayed when authorization has been granted]

[Figure: If object storage access level has not been set]

3. Setting method

The following outlines the procedure to set access levels of pre-existing accounts/users. To create a new user account, please refer to the User/account function page.

Authorization settings for control panel operations

  1. Log in to the SAKURA Cloud control panel as the administrator (member ID).

You will only be able to change account and user settings by logging in to the control panel as a SAKURA internet member with your administrator member ID.

  2. Click on Account from the menu on the left, then select the account whose association you want to edit.

Select the account whose access level you want to change from the list of created accounts. Alternatively, you can change access levels by clicking User from the menu on the left, then selecting a user from the Created User List screen.

  3. Access Level

Below the section for changing information (account name, etc.), a list of users will be displayed. Select a radio button from the User list in order to grant authorization.

*If the No Access radio button has been activated, a user will be unauthorized to access the selected account including the IaaS control panel, object storage, or view the account’s billing information.
*By ticking the checkbox for View Billing Information or Object Storage, View Resources will be selected automatically even if No Access has been activated.

API access authorization settings

  1. Log in to the SAKURA Cloud control panel.

*Log in to the control panel. The user at the time of login must be an administrator or a user with Create/Delete authorization for the account.

  2. Select an account from the API key screen.

Select API Key from the menu on the left.

A list of configured accounts will be displayed. Select the account you wish to reconfigure.

  3. Creating a new API key/Editing a pre-existing API key

The API Key Settings screen will appear. To set the access level for a pre-existing API key, select a key from the API key list and proceed to the Edit screen. To create a new API key, click Add.

  4. Access Level

Select the desired access level from the access level setting items at the bottom of the API Key Settings screen.

*If Disable is selected, the API key is disabled and authorization will be invalidated.
*When selecting Billing Information or Web Accelerator, the API access level must be set to View Resources at minimum.
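
The tier model from section 2 and the API key notes above can be turned into a least-privilege check on an API key inventory. This is an added example, not SAKURA internet code: the operation labels, key names and inventory are constructed for illustration, and only the level names and rules come from this page.

```python
from enum import IntEnum

class Level(IntEnum):
    DISABLED = 0            # "Disable" on the API Key Settings screen
    VIEW_RESOURCES = 1
    POWER_OPERATION = 2
    MODIFY_SETTINGS = 3
    CREATE_DELETE = 4

# Lowest tier permitting each operation class listed in section 2.
# The operation labels are invented for this example.
REQUIRED = {
    "view_resource": Level.VIEW_RESOURCES,
    "power": Level.POWER_OPERATION,
    "remote_console": Level.POWER_OPERATION,
    "change_settings": Level.MODIFY_SETTINGS,
    "create_delete_unbilled": Level.MODIFY_SETTINGS,
    "create_delete_billed": Level.CREATE_DELETE,
    "issue_api_key": Level.CREATE_DELETE,
}
NEEDS_VIEW = {"billing", "web_accelerator"}  # options requiring View Resources

def minimum_level(uses, options=()):
    """Lowest access level that covers every operation and option."""
    need = max((REQUIRED[op] for op in uses), default=Level.DISABLED)
    if NEEDS_VIEW & set(options):
        need = max(need, Level.VIEW_RESOURCES)
    return need

def audit(keys):
    """Compare each key's configured level with what it actually needs."""
    findings = []
    for k in keys:
        need = minimum_level(k["uses"], k["options"])
        denied = sorted(op for op in k["uses"] if k["level"] < REQUIRED[op])
        if denied:  # these calls would be answered with 403 (Forbidden)
            findings.append((k["name"], "expect-403", ",".join(denied)))
        elif k["level"] < need:
            findings.append((k["name"], "option-needs-view-resources", need.name))
        elif k["level"] > need:
            findings.append((k["name"], "over-privileged", need.name))
    return findings

# Constructed inventory: configured level, operations observed, options selected.
SAMPLE_KEYS = [
    {"name": "monitoring", "level": Level.CREATE_DELETE, "uses": ["view_resource"], "options": []},
    {"name": "scheduler", "level": Level.POWER_OPERATION, "uses": ["power", "view_resource"], "options": []},
    {"name": "deploy", "level": Level.POWER_OPERATION, "uses": ["power", "change_settings"], "options": []},
    {"name": "billing-export", "level": Level.DISABLED, "uses": [], "options": ["billing"]},
]
```

Running `audit(SAMPLE_KEYS)` flags the over-privileged key, the key whose calls would be refused, and the key whose selected option conflicts with its level; the correctly scoped key produces no finding.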

4. Access level authorization comparison table

The following is a list of operations that can be performed by each level of authorization.

○…Executable
×…Not executable

Account/user

Operation/authorization Administrator (member ID) 4. Create/Delete 3. Modify settings 2. Power operation 1. View resources
Create/delete account × × × ×
Creating/deleting a user × × × ×
Setting user access level × × × ×

Server

Operation/authorization Administrator (member ID) 4. Create/Delete 3. Modify settings 2. Power operation 1. View resources
Create/delete × × ×
Change plan × × ×
Clone × × ×
Change settings × ×
Power operation ×
Remote console ×

Storage (disk/archive/ISO image)

Operation/authorization Administrator (member ID) 4. Create/Delete 3. Modify settings 2. Power operation 1. View resources
Create/delete × × ×
Copy × × ×
Disk modification × ×
Reinstallation × ×
Connecting interface settings × ×
Change settings × ×
FTP startup/completion × ×
VPS migration × × × ×

Network (switch/packet filter/bridge connection/local router)

Operation/authorization Administrator (member ID) 4. Create/Delete 3. Modify settings 2. Power operation 1. View resources
Create/delete × × ×
Router bandwidth change × × ×
Add static route × × ×
Change settings × ×
Enable/disable IPv6 × ×
Edit bridge connection (between cloud zones) × ×
Edit bridge connection (VPS/dedicated server connection) × × × ×
Create/delete (packet filter) × ×
Local router create/delete/edit × × × ×

Load balancer/VPC router/GSLB/DNS/simple monitoring/database

Operation/authorization Administrator (member ID) 4. Create/Delete 3. Modify settings 2. Power operation 1. View resources
Create/delete × × ×
Adding a new switch (load balancer/VPC router) × × ×
Change settings/update × ×
Power operation (load balancer/VPC router/database) × × ×

Settings menu

Operation/authorization Administrator (member ID) 4. Create/Delete 3. Modify settings 2. Power operation 1. View resources
Adding/deleting a license × × ×
Discount passport purchase × × ×
Creating/deleting a private host × × ×
Creating/deleting a public key × ×
Editing a public key × ×
Creating/deleting an API key × × ×
Editing an API key × × ×
Viewing an API key × × ×
Creating/deleting a script × ×
Editing a script × ×
Creating/deleting an icon × ×
Editing an icon × ×
Registering a coupon × × ×
Registration of failure notification email address
Creating/deleting a resource manager × × × ×