Access management in DataSphere
The list of operations available to Yandex.Cloud users is determined by the roles they have. A role is assigned to a user at the folder or cloud level, and nested resources inherit this role.
To allow access to resources in DataSphere, assign the required roles to the user from the list below.
For more information about role inheritance, see Inheritance of access rights in the Yandex Resource Manager documentation.
To assign a user a role:
Select the user to assign the role to, click , and choose Configure roles.
To add a cloud role, click in the Roles for cloud
To add a folder role, select the folder and click Assign role in the Roles in folders section.
Choose a role from the list.
Roles for managing clouds and folders
When a new user is added to the cloud, they are automatically assigned the role of cloud member:
This role alone doesn't give you the right to perform any operations and is only used in combination with other roles, such as
resource-manager.clouds.owner is assigned for the cloud and makes the user the owner of the cloud. The owner can perform any operation with the cloud and its resources.
Only the cloud owner can assign users the
A cloud must have at least one owner. The sole owner of a cloud may not give up this role.
The datasphere.user role lets the user view the list of projects and work with existing projects. The user can't create or delete projects.
The datasphere.admin role lets the user create, edit, and delete projects in DataSphere, as well as view the list of cloud folders.
The datasphere.admin role also includes all datasphere.user role permissions.
The viewer role includes all permissions of the datasphere.user role. The user can view the list of projects and work with existing projects. The user can't create or delete projects.
The editor role includes all permissions of the viewer role. In terms of access to DataSphere service resources, these roles match.
Users with the admin role can manage resource access rights, such as allowing other users to work with folders or view information about projects and user permissions.
The admin role also includes all editor role permissions.
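The role descriptions above can be turned into a small access-review check that resolves role inclusion and cloud-to-folder inheritance. This is an added example, not Yandex.Cloud code: it models only the inclusions and permissions this page states, and the permission labels, user names, folder names and binding tuples are constructed for illustration.

```python
# Added example: role model transcribed from this page's role descriptions.
# Permission labels, users and folder names are constructed for illustration.
INCLUDES = {  # role -> role whose permissions it also includes
    "datasphere.admin": "datasphere.user",
    "viewer": "datasphere.user",
    "editor": "viewer",
    "admin": "editor",
}
GRANTS = {  # permissions a role adds on top of what it includes
    "datasphere.user": {"view_projects", "work_with_projects"},
    "datasphere.admin": {"manage_projects", "view_folders"},
    "admin": {"manage_access"},
}
ALL = set().union(*GRANTS.values())

def role_permissions(role):
    """Expand a role into its full permission set by following INCLUDES."""
    if role == "resource-manager.clouds.owner":
        return set(ALL)  # the owner can perform any operation
    perms = set()
    while role is not None:
        perms |= GRANTS.get(role, set())
        role = INCLUDES.get(role)
    return perms

def effective(bindings, folder):
    """Permissions per user in `folder`; cloud-level roles are inherited."""
    result = {}
    for scope, user, role in bindings:
        if scope in ("cloud", folder):  # "cloud" marks a cloud-level binding
            result.setdefault(user, set()).update(role_permissions(role))
    return result

def review(bindings, folder, sensitive=("manage_access", "manage_projects")):
    """Users holding sensitive permissions in `folder`, for an access review."""
    found = {u: sorted(p.intersection(sensitive))
             for u, p in effective(bindings, folder).items()}
    return {u: hits for u, hits in found.items() if hits}

SAMPLE = [  # (scope, user, role); constructed sample bindings
    ("cloud", "alice", "resource-manager.clouds.owner"),
    ("cloud", "bob", "editor"),
    ("ml-folder", "bob", "datasphere.admin"),
    ("ml-folder", "carol", "admin"),
    ("other-folder", "dave", "datasphere.admin"),
]
if __name__ == "__main__":
    for user, hits in review(SAMPLE, "ml-folder").items():
        print(user, hits)
```

In the sample, bob's cloud-level editor role alone gives him only datasphere.user-level access in every folder; the folder-level datasphere.admin binding is what lets him create and delete projects in ml-folder.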