Yandex.Cloud
  • Services
  • Why Yandex.Cloud
  • Solutions
  • Pricing
  • Documentation
  • Contact us
Get started
Yandex API Gateway
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Creating API gateways
    • Updating API gateways and their specifications
    • Connecting a domain
    • Deleting API gateways
    • Viewing monitoring charts
    • Viewing the execution log
  • Concepts
    • Relationship between service resources
    • Specification extensions
      • Overview
      • Static response
      • Invoking a function
      • Access via HTTP
      • Integration with Object Storage
    • Quotas and limits
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • ApiGatewayService
      • OperationService
    • REST
      • Overview
      • ApiGateway
        • Overview
        • create
        • delete
        • get
        • getOpenapiSpec
        • list
        • listAccessBindings
        • listOperations
        • setAccessBindings
        • update
        • updateAccessBindings
  • Questions and answers
  1. Access management

Access management

  • Assigning roles
  • Roles
    • viewer
    • editor
    • admin

Yandex.Cloud users can only perform operations on resources that are permitted under the roles assigned to them.
If a user doesn't have any roles assigned, almost all operations are forbidden.

To allow access to resources (API gateways) in API Gateway, assign the required roles to the user from the list below. For now, a role can only be assigned for a parent resource (folder or cloud).

Note

For more information about role inheritance, see Inheritance of access rights in the Yandex Resource Manager documentation.

Assigning roles

To assign a user a role:

  1. Open the Access management page for the selected cloud. If necessary, switch to another cloud.

  2. Select the user to assign the role to, click , and choose Configure roles.

  3. To add a cloud role, click in the Roles for cloud section.

    To add a folder role, select the folder and click Assign role in the Roles in folders section.

  4. Choose a role from the list.

Roles

The list below shows all roles that are considered when verifying access rights in the API Gateway service.

viewer

The user with the viewer role can view information about resources, such as the list of functions or their versions and the function execution log.

editor

The user with the editor role can manage functions and their versions, such as creating or deleting a version or editing information about a function.

The editor role also includes all viewer role permissions.

admin

The user with the admin role can manage access rights to resources, such as allow other users to invoke functions or work with their versions.

The admin role also includes all editor role permissions.

In this article:
  • Assigning roles
  • Roles
  • viewer
  • editor
  • admin
Language / Region
Careers
Privacy policy
Terms of use
Brandbook
© 2021 Yandex.Cloud LLC