Groups and roles in Nebius AI organizations
You can manage access to resources in your Nebius AI organizations by assigning roles. Each role has its group in each organization. To assign a user or a service account in the organization a role, you need to add them to the corresponding group.
From least to most access, the roles and their groups are:
auditors
viewers
editors
admins
The groups include the following permissions:
Resource type | auditors |
viewers |
editors |
admins |
---|---|---|---|---|
Billing information1 | - | - | - | - |
Support requests | View Create Comment Attach files Close |
View Create Comment Attach files Close |
View Create Comment Attach files Close |
View Create Comment Attach files Close |
Compute Cloud | auditors |
viewers |
editors |
admins |
Virtual machines | View | View | View Create Edit Stop Start Restart Delete |
View Create Edit Stop Start Restart Delete |
GPU clusters | View | View | View Create Edit Delete |
View Create Edit Delete |
Disks | View | View | View Create Edit Attach to VMs Detach from VMs Delete |
View Create Edit Attach to VMs Detach from VMs Delete |
File storages | View | View | View Create Edit Attach to VMs Detach from VMs Delete |
View Create Edit Attach to VMs Detach from VMs Delete |
Snapshots | View | View | View Create Edit Use to create disks Delete |
View Create Edit Use to create disks Delete |
Snapshot schedules | View | View | View Create Edit Delete |
View Create Edit Delete |
Identity and Access Management | auditors |
viewers |
editors |
admins |
Users | View | View | View | View Invite Delete |
Federations | View | View | View Create Edit Add users Remove users Delete |
View Create Edit Add users Remove users Delete |
Groups | View | View | View | View Add members Remove members |
Service accounts | View | View | View Create Edit Delete |
View Create Edit Delete |
Authorized keys | View | View | View Create Edit Delete |
View Create Edit Delete |
Static access keys | View | View | View Create Edit Delete |
View Create Edit Delete |
IAM tokens | View | View | View Create Edit Delete |
View Create Edit Delete |
Managed Service for Kubernetes | auditors |
viewers |
editors |
admins |
Clusters | View | View | View Create Edit Stop Start Delete |
View Create Edit Stop Start Delete |
Node groups | View | View | View Create Edit Delete |
View Create Edit Delete |
Managed services for databases | auditors |
viewers |
editors |
admins |
Clusters | View | View | View Create Edit Stop Start Delete |
View Create Edit Stop Start Delete |
Hosts | View | View | View Create Edit Delete |
View Create Edit Delete |
Databases | - | View | View Create Edit Delete |
View Create Edit Delete |
Shards | - | View | View Create Edit Delete |
View Create Edit Delete |
Users | - | View | View Create Edit Delete |
View Create Edit Delete |
Backups | - | View | View Create Edit Delete |
View Create Edit Delete |
Logs | - | View | View | View |
Object Storage | auditors |
viewers |
editors |
admins |
Buckets | View | View | View Create Delete |
View Create Delete |
Objects, versions | List | List Download |
List Download Delete Restore |
List Download Delete Restore |
Multipart uploads | View | View | View Create Abort |
View Create Abort |
Bucket settings | View | View | View Edit |
View Edit |
Virtual Private Cloud | auditors |
viewers |
editors |
admins |
Private IP addresses | View | View | View | View |
Public IP addresses | View | View | View Make static Make dynamic |
View Make static Make dynamic |
1 Only the billing account owner can view and edit billing information. They can only share the account expense details by getting them as a CSV file.