Getting started with IAM

IAM lets you manage access to resources.

These instructions are intended for cloud owners and administrators. You will learn how to:

Before you start

  1. Log in to the management console. If you aren't registered, go to the management console and follow the instructions.
  2. On the billing page, make sure you linked a billing account and it has the ACTIVE or TRIAL_ACTIVE status. If you don't have a billing account, create one.
  3. If you have no one to add to the cloud, you can create a new account on Yandex and grant access to the cloud to this account.

Add a new user to the cloud

To grant a user access to resources, add the user to your cloud:

  1. Open the Access management page for the selected cloud. If necessary, switch to another cloud.

  2. On the Users and roles page, click the Add user button in the upper-right corner.
  3. Enter the user's Yandex email address.
  4. Click Add.

When a new user is added to the cloud, they are automatically assigned the cloud member role: resource-manager.clouds.member. This role is necessary for the user to access resources in the cloud. However, this role doesn't give you the right to perform any operations and is only used in combination with other roles, such as admin, editor, or viewer.

Assign roles to the user

To specify which operations the user can perform, assign relevant roles to the user. For example, allow them to manage resources in a certain folder:

  1. Select the user to assign the role to, click image, and choose Configure roles.

  2. Under Roles for the cloud , click the image icon.
  3. Choose the viewer role. This role lets the user view resources in your cloud.
  4. Select a folder in Roles in folders and click Assign role.
  5. Choose the editor role. This role allows the user to create and manage resources in this folder.
  6. Click Close.

Revoke assigned roles

If the user no longer needs the assigned roles, revoke them:

  1. Open the page Access management.

  2. Select the user to assign the role to, click image, and choose Configure roles.

  3. Click the image icon next to each role you want to revoke.

  4. Click Close.

    If the user doesn't have any more roles for your cloud, this user disappears from the list.


If you want to revoke all roles at once, delete the user from your cloud.

What's next