Access management in Yandex Cloud Video
User access to Cloud Video depends on relevant permissions granted within an organization. Organizations are managed using Yandex Cloud Organization.
The list of operations available to Cloud Video users is determined by the roles they have. Roles can be assigned to a Yandex account, federated users, a user group, or a system group. For more information about managing access to Yandex Cloud, see How access management works in Yandex Cloud.
Only users with the admin
, resource-manager.clouds.owner
, or organization-manager.organizations.owner
role for a resource can assign roles for this resource.
You can add users to Cloud Video as follows:
- Send an invitation from the Cloud Video interface
by specifying the email address that the user used to register in the organization. - Grant users access rights through the Cloud Organization interface.
Which roles exist in the service
The chart below shows which roles are available in the service and how they inherit each other's permissions. For example, the editor
role includes all the permissions of viewer
. You can find the description of each role under the chart.
Service roles
video.viewer
The video.viewer
role is intended for viewing Cloud Video resources and their parameters.
The role can be granted by the user with the admin or video.admin role for the cloud.
video.editor
The video.editor
role is intended for managing Cloud Video resources. Users with this role can:
- Perform any actions allowed by the video.viewer role.
- Create, edit, and delete Cloud Video resources.
The role can be granted by the user with the admin or video.admin role for the cloud.
video.admin
The video.admin
role is intended for managing Cloud Video. Users with this role can:
- Perform any actions allowed by the video.editor role.
- Manage access of other users to Cloud Video resources.
The role can be granted by the user with the admin role for the cloud.
Primitive roles
auditor
Grants permission to view service configuration and metadata without access to data.
viewer
Enables you to view information about resources.
editor
Allows managing (creating, editing, and deleting) resources.
admin
Allows you to manage your resources and access to them.
For more information about primitive roles, see the Yandex Cloud role reference.