Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
© 2022 Yandex.Cloud LLC
Yandex Container Registry
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Authentication in Container Registry
    • Managing a Docker image
      • Getting information about available Docker images
      • Creating a Docker image
      • Pushing a Docker image to a registry
      • Pulling a Docker image from a registry
      • Deleting a Docker image from a registry
    • Managing Helm charts
      • Getting information about available Helm charts
      • Pushing a Helm chart to a registry
      • Pulling a Helm chart from a registry
      • Deleting a Helm chart from a registry
    • Managing a registry
      • Getting information about existing registries
      • Creating a registry
      • Updating a registry
      • Deleting a registry
    • Managing a repository
      • Getting information about existing repositories
      • Creating a repository
    • Managing Docker image lifecycle policies
      • Getting information about existing lifecycle policies
      • Creating a lifecycle policy
      • Updating a lifecycle policy
      • Performing lifecycle policy dry runs
      • Deleting a lifecycle policy
    • Scanning Docker images for vulnerabilities
    • Working with roles
      • Assigning a role
      • Viewing assigned roles
      • Revoking a role
  • Yandex Container Solution
  • Practical guidelines
    • All tutorials
    • Running a Docker image on a VM
    • Creating a trigger with Yandex Cloud Functions
    • Setting up automatic scanning of a Docker image
  • Concepts
    • Overview
    • Docker image
    • Docker volume
    • Registry
    • Repository
    • Docker image lifecycle policies
    • Vulnerability scanner
    • Yandex Cloud Functions trigger
    • Backups
    • Quotas and limits
  • Access management
  • Pricing policy
  • API reference
    • Authentication in the API
    • gRPC
      • Overview
      • ImageService
      • LifecyclePolicyService
      • RegistryService
      • RepositoryService
      • ScannerService
      • OperationService
    • REST
      • Overview
      • Image
        • Overview
        • delete
        • get
        • list
      • LifecyclePolicy
        • Overview
        • create
        • delete
        • dryRun
        • get
        • getDryRunResult
        • list
        • listDryRunResultAffectedImages
        • listDryRunResults
        • update
      • Registry
        • Overview
        • create
        • delete
        • get
        • list
        • listAccessBindings
        • listIpPermission
        • setAccessBindings
        • setIpPermission
        • update
        • updateAccessBindings
        • updateIpPermission
      • Repository
        • Overview
        • delete
        • get
        • getByName
        • list
        • listAccessBindings
        • setAccessBindings
        • updateAccessBindings
        • upsert
      • Scanner
        • Overview
        • get
        • getLast
        • list
        • listVulnerabilities
        • scan
  • Troubleshooting
  • Questions and answers
  1. Step-by-step instructions
  2. Working with roles
  3. Viewing assigned roles

Viewing assigned roles

Written by
Yandex Cloud

    To view assigned roles:

    Management console
    CLI
    API
    1. In the management console, select the folder where you wish to view resource roles.
    2. In the list of services, select Container Registry.
    3. View the roles assigned for a resource:
      • Viewing roles for a registry:
        1. To the right of the registry name, click and select Configure ACL.
        2. In the window that opens, you can see a list of users and their permissions for the registry.
      • Viewing roles for a repository:
        1. Select the desired registry.
        2. To the right of the repository name, click and select Configure ACL.
        3. In the window that opens, you can see a list of users and their permissions for the repository.

    If you don't have the Yandex Cloud command line interface yet, install and initialize it.

    The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

    Run the command:

    yc <service name> <resource> list-access-bindings <resource name>|<resource ID>
    

    Where:

    • <service name>: Name of a container service.
    • <resource>: Category of the resource (registry or repository).
    • <resource name>: Name of the resource that the role is assigned for. You can specify a resource by its name or ID.
    • <resource id>: ID of the resource that the role is assigned for.

    Example. View the roles for the registry with the ID crp0pmf1n68dh715tf02:

    yc container registry list-access-bindings crp0pmf1n68dh715tf02
    

    Result:

    +--------------------------+------------------+----------------------+
    |         ROLE ID          |   SUBJECT TYPE   |      SUBJECT ID      |
    +--------------------------+------------------+----------------------+
    | container-registry.admin | federatedAccount | kolhpriseeioo9dc3v24 |
    +--------------------------+------------------+----------------------+
    

    Use the method listAccessBindings for the resources registry and repository.

    Read more about role management in the Yandex Identity and Access Management documentation.

    Was the article helpful?

    Language / Region
    © 2022 Yandex.Cloud LLC