Yandex.Cloud
  • Services
  • Why Yandex.Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Yandex Cloud Functions
  • Getting started
    • Overview
    • Creating and executing functions
    • Creating a timer
    • Creating a trigger for Message Queue
    • Creating a trigger for Object Storage
    • Creating a trigger for Container Registry
    • Creating a trigger for Cloud Logs
    • Creating a trigger for IoT Core
  • Step-by-step instructions
    • All instructions
    • Using functions to get an IAM token for a service account
    • Managing rights to access functions
    • Managing functions
      • Creating a function
      • Managing function versions
      • Working in the code editor
      • Invoking a function
      • Updating a function
      • Viewing monitoring charts
      • Viewing the execution log
      • Deleting a function
    • Managing triggers
      • Getting information about a trigger
      • Creating a timer
      • Creating a trigger for Message Queue
      • Creating a trigger for Object Storage
      • Creating a trigger for Container Registry
      • Creating a trigger for Cloud Logs
      • Creating a trigger for Yandex IoT Core
      • Updating a trigger
      • Deleting a trigger
  • Concepts
    • Overview
    • Function
    • Invoking a function
    • Runtime
      • Overview
      • Environment
      • Execution context
    • Builder
    • Trigger
      • Overview
      • Timer
      • Trigger for Message Queue
      • Trigger for Object Storage
      • Trigger for Container Registry
      • Trigger for Cloud Logs
      • Trigger for Yandex IoT Core
    • Dead Letter Queue
    • Log groups
    • Monitoring
    • Backups
    • Quotas and limits
  • Developing in Node.js
    • Overview
    • Managing dependencies
    • Request handler
    • Invocation context
    • Logging
    • Handling errors
    • Using the SDK
  • Developing in Python
    • Overview
    • Managing dependencies
    • Request handler
    • Invocation context
    • Logging
    • Handling errors
    • Using the SDK
  • Developing in Go
    • Overview
    • Managing dependencies
    • Request handler
    • Invocation context
    • Logging
    • Handling errors
    • Using the SDK
  • Developing in PHP
    • Overview
    • Managing dependencies
    • Request handler
    • Invocation context
    • Logging
    • Handling errors
  • Developing in Bash
    • Overview
    • Request handler
    • Logging
    • Handling errors
    • Using the SDK
  • Developing in Java
    • Overview
    • Programming model
      • Overview
      • Function interface
      • YcFunction interface
      • HttpServlet class
      • Spring Boot
    • Managing dependencies
    • Request handler
    • Invocation context
    • Logging
    • Handling errors
    • Using the SDK
  • Developing in R
    • Overview
    • Programming model
    • Managing dependencies
    • Request handler
    • Invocation context
    • Logging
    • Handling errors
  • Developing in C#
    • Overview
    • Programming model
      • Overview
      • Function interface
      • YcFunction interface
    • Managing dependencies
    • Request handler
    • Invocation context
    • Logging
    • Handling errors
    • Using the SDK
  • Use cases
    • Creating skills for Alice
  • Pricing policy
  • Access management
  • API Functions reference
    • Authentication in the API
    • gRPC
      • Overview
      • FunctionService
      • OperationService
    • REST
      • Overview
      • Function
        • Overview
        • create
        • createVersion
        • delete
        • get
        • getVersion
        • getVersionByTag
        • list
        • listAccessBindings
        • listOperations
        • listRuntimes
        • listTagHistory
        • listVersions
        • removeTag
        • setAccessBindings
        • setTag
        • update
        • updateAccessBindings
  • API Triggers reference
    • Authentication in the API
    • gRPC
      • Overview
      • TriggerService
      • OperationService
    • REST
      • Overview
      • Trigger
        • Overview
        • create
        • delete
        • get
        • list
        • listOperations
        • pause
        • resume
        • update
  • Questions and answers
  1. Step-by-step instructions
  2. Managing rights to access functions

Managing rights to access functions

  • Make your function public
  • View the roles assigned to the function
  • Make the function private

You can make a function public or private, as well as view the roles assigned for the function.

Make your function public

To let any user invoke the function, you must make it public. To do this, enable invoking the function over HTTP without passing the authorization header.

Management console
CLI

Make the function public:

  1. Open Cloud Functions in the folder with the function that you want to make public.
  2. Select it from the list of functions.
  3. On the Overview page under General information, click the toggle in the Public function field.

Make the function public:

$ yc serverless function allow-unauthenticated-invoke <function name>

Result:

done (1s)    

You can also make the function public by assigning the serverless.functions.invoker role to it for all unauthorized users (allUsers system group). To learn how to assign a role to a function, see Assigning roles.

View the roles assigned to the function

CLI

View the roles assigned to the function:

$ yc serverless function list-access-bindings <function name>

Result:

+------------------------------+--------------+------------+
|           ROLE ID            | SUBJECT TYPE | SUBJECT ID |
+------------------------------+--------------+------------+
| serverless.functions.invoker | system       | allUsers   |
+------------------------------+--------------+------------+

Make the function private

To invoke a private function via HTTP, you must authenticate.

Management console
CLI

Make the function private:

  1. Open Cloud Functions in the folder with the function that you want to make private.
  2. Select it from the list of functions.
  3. On the Overview page under Common function, click the toggle in the Public function field.

Make the function private:

$ yc serverless function deny-unauthenticated-invoke <function name>

Result:

done (1s)   

You can also make the function private by revoking its serverless.functions.invoker role. To learn how to revoke a role, see Revoke a role for a resource.

For more information about access rights, see Access management.

In this article:
  • Make your function public
  • View the roles assigned to the function
  • Make the function private
Language
Careers
Privacy policy
Terms of use
© 2021 Yandex.Cloud LLC