Get started
Yandex Compute Cloud

Method setAccessBindings

Sets access bindings for the specified instance group.

HTTP request

POST https://compute.api.cloud.yandex.net/compute/v1/instanceGroups/{resourceId}:setAccessBindings

Path parameters

Parameter Description
resourceId Required. ID of the resource for which access bindings are being set. To get the resource ID, use a corresponding List request. The maximum string length in characters is 50.

Body parameters

{
  "accessBindings": [
    {
      "roleId": "string",
      "subject": {
        "id": "string",
        "type": "string"
      }
    }
  ]
}
Field Description
accessBindings[] object

Required. Access bindings to be set. For more information, see Access Bindings.
accessBindings[].
roleId		 string

Required. ID of the Role that is assigned to the subject.

The maximum string length in characters is 50.
accessBindings[].
subject		 object

Required. Identity for which access binding is being created. It can represent an account with a unique ID or several accounts with a system identifier.
accessBindings[].
subject.
id		 string

Required. ID of the subject.

It can contain one of the following values:

  • allAuthenticatedUsers: A special system identifier that represents anyone who is authenticated. It can be used only if the type is system.
  • allUsers: A special system identifier that represents anyone. No authentication is required. For example, you don't need to specify the IAM token in an API query.
  • <cloud generated id>: An identifier that represents a user account. It can be used only if the type is userAccount, federatedUser or serviceAccount.

The maximum string length in characters is 50.
accessBindings[].
subject.
type		 string

Required. Type of the subject.

It can contain one of the following values:

  • userAccount: An account on Yandex or Yandex.Connect, added to Yandex.Cloud.
  • serviceAccount: A service account. This type represents the ServiceAccount resource.
  • federatedUser: A federated account. This type represents a user from an identity federation, like Active Directory.
  • system: System group. This type represents several accounts with a common system identifier.

For more information, see Subject to which the role is assigned.

The maximum string length in characters is 100.

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "description": "string",
  "createdAt": "string",
  "createdBy": "string",
  "modifiedAt": "string",
  "done": true,
  "metadata": "object",

  //  includes only one of the fields `error`, `response`
  "error": {
    "code": "integer",
    "message": "string",
    "details": [
      "object"
    ]
  },
  "response": "object",
  // end of the list of possible fields

}

An Operation resource. For more information, see Operation.

Field Description
id string

ID of the operation.
description string

Description of the operation. 0-256 characters long.
createdAt string (date-time)

Creation timestamp.

String in RFC3339 text format.
createdBy string

ID of the user or service account who initiated the operation.
modifiedAt string (date-time)

The time when the Operation resource was last modified.

String in RFC3339 text format.
done boolean (boolean)

If the value is false, it means the operation is still in progress. If true, the operation is completed, and either error or response is available.
metadata object

Service-specific metadata associated with the operation. It typically contains the ID of the target resource that the operation is performed on. Any method that returns a long-running operation should document the metadata type, if any.
error object
The error result of the operation in case of failure or cancellation.
includes only one of the fields error, response

The error result of the operation in case of failure or cancellation.
error.
code		 integer (int32)

Error code. An enum value of google.rpc.Code.
error.
message		 string

An error message.
error.
details[]		 object

A list of messages that carry the error details.
response object
includes only one of the fields error, response

The normal response of the operation in case of success. If the original method returns no data on success, such as Delete, the response is google.protobuf.Empty. If the original method is the standard Create/Update, the response should be the target resource of the operation. Any method that returns a long-running operation should document the response type, if any.
In this article: