Learn what happens to your existing ACL-based permissions when Vultr enables IAM. ACL rules are mapped to equivalent IAM policies to preserve current access.
When IAM is enabled for your account, your existing ACL-based access is not disrupted. Vultr performs a background migration that maps each of your existing ACL entries to an equivalent Vultr-managed permission policy and assigns them automatically. The result is that all users retain exactly the same effective access they had before, just represented through the IAM system rather than raw ACL flags.
IAM becomes the source of truth for authorization while existing ACL-based enforcement continues to function with no regressions. A background job runs as a fallback to ensure eventual consistency.
| Legacy ACL | IAM Permission | Description |
|---|---|---|
acl_billing |
user.acl.Billing |
Manage billing |
acl_dns |
user.acl.DNS |
Manage DNS |
acl_firewall |
user.acl.Firewall |
Manage firewall |
acl_manage_users |
user.acl.ManageUsers |
Manage users |
acl_subscriptions |
user.acl.Subscriptions |
Manage servers |
acl_subscriptions_view |
user.acl.SubscriptionsView |
View servers |
acl_provisioning |
user.acl.Provisioning |
Deploy new servers |
acl_upgrade |
user.acl.Upgrade |
Upgrade existing servers |
acl_support |
user.acl.Support |
Create support tickets |
acl_objstore |
user.acl.ObjStore |
Manage object storage |
acl_loadbalancer |
user.acl.LoadBalancer |
Manage load balancers |
acl_vke |
user.acl.VKE |
Manage VKE |
acl_abuse |
user.acl.Abuse |
Receive AUP/ToS notifications |
acl_alerts |
user.acl.Alerts |
Receive maintenance notifications |
acl_activity_logs |
user.acl.ActivityLogs |
View activity logs |
acl_provisioning implicitly grants acl_subscriptions and acl_subscriptions_view. The corresponding managed permission policy accounts for these implicit grants, so effective permissions remain identical after migration.