Access management in SmartCaptcha
In this section, you will learn:
About access management
In Yandex Cloud, all transactions are checked in Yandex Identity and Access Management. If a subject does not have the required permission, the service returns an error.
To grant permission for a resource, assign roles for this resource to the subject that will perform operations. Roles can be assigned to a Yandex account, a service account, federated users, a user group, or a system group. For more information, see How access management works in Yandex Cloud.
Only users with the admin
, resource-manager.clouds.owner
, or organization-manager.organizations.owner
role for a resource can assign roles for this resource.
Which resources you can assign a role for
You can assign a role to an organization, cloud, or folder. Roles assigned to an organization, cloud, or folder also apply to the CAPTCHAS in them.
Which roles exist in the service
The list below shows all roles that are considered when verifying access rights in the SmartCaptcha service.
Service roles
smart-captcha.auditor
The smart-captcha.auditor
role enables you to view CAPTCHA information and permissions.
smart-captcha.viewer
The smart-captcha.viewer
role enables you to view CAPTCHA information.
The role includes all permissions granted by the smart-captcha.auditor
role.
smart-captcha.editor
The smart-captcha.editor
role enables you to manage CAPTCHAS (create, change, or delete them). Includes all access rights of the smart-captcha.viewer
role.
smart-captcha.admin
The smart-captcha.admin
role enables you to manage CAPTCHAS and access to them. Includes all access rights of the smart-captcha.editor
role.
Primitive roles
auditor
Grants permission to view service configuration and metadata without access to data.
viewer
Enables you to view information about resources.
editor
Allows you to manage resources, e.g., create, edit, and delete them.
admin
Allows you to manage your resources and access to them.
For more information about primitive roles, see Roles.
What roles do I need
The table shows actions and minimum roles required to perform them. You can always assign a role granting broader access rights than the role from the table. For example, you can assign the smart-captcha.editor
role instead of the smart-captcha.viewer
role.
Action | Role |
---|---|
Viewing CAPTCHA information | smart-captcha.viewer |
Creating a CAPTCHA | smart-captcha.editor |
Editing a CAPTCHA | smart-captcha.editor |
Deleting a CAPTCHA | smart-captcha.editor |
Managing roles of CAPTCHA users | smart-captcha.admin |