Managing rights to access functions
You can make a function public or private, as well as view the roles assigned for the function.
Make your function public
To allow any user to call the function, you must make it public, meaning enable the function call over HTTPS without passing the authorization header.
Make the function public:
- Open Cloud Functions in the folder with the function that you want to make public.
- Select it from the list of functions.
- On the Overview page under General information, click the toggle in the Public function field.
Make the function public:
$ yc serverless function allow-unauthenticated-invoke my-function
done (1s)
You can also make the function public by assigning the serverless.functions.invoker role to it for all unauthorized users (allUsers system group). To learn how to assign a role to a function, see Assigning roles.
View the roles assigned to the function
View the roles assigned to the function:
$ yc serverless function list-access-bindings my-function
+------------------------------+--------------+------------+
| ROLE ID | SUBJECT TYPE | SUBJECT ID |
+------------------------------+--------------+------------+
| serverless.functions.invoker | system | allUsers |
+------------------------------+--------------+------------+
Make the function private
Make the function private:
- Open Cloud Functions in the folder with the function that you want to make private.
- Select it from the list of functions.
- On the Overview page under Common function, click the toggle in the Public function field.
Make the function private:
$ yc serverless function deny-unauthenticated-invoke my-function
done (1s)
You can also make the function private by revoking its serverless.functions.invoker role. To learn how to revoke a role, see Revoke a role for a resource.
For more information about access rights, see Access management.