Setting up user group access bindings
Change a subject's access bindings to a group as a resource. To grant a group access bindings to a resource, follow the Granting permissions to a user group instructions.
Access management in Yandex Cloud is based on roles.
Assigning a role
You can assign a role for a group as a resource. You can grant roles to users and groups from your organization.
For example, allow a user to view group information and manage its members.
-
Log in
as the organization administrator. -
Go to Yandex Cloud Organization
. -
In the left-hand panel, select Groups
and click the line with the group name. -
Go to the Group access rights tab.
-
Click Assign roles.
-
Click Select subject.
-
Select the appropriate user or group from the list or use the search.
-
Click Add role and select
organization-manager.groups.memberAdmin
. -
Click Save.
The user will appear in the list of group access bindings.
Revoking a role
To revoke a group role from a user:
-
Log in
as the organization administrator. -
Go to Yandex Cloud Organization
. -
In the left-hand panel, select Groups
and click the line with the group name. -
Go to the Group access rights tab.
-
Select a user from the list and click
next to the username. -
Click Configure access.
-
Click
next to the role to revoke. -
Click Save.
Tip
To open the list of users allowed to manage the group at the organization role level (e.g., organization admin or owner), go to the Group access rights tab and enable the Inherited roles option.