Access management in Monitoring
Yandex Cloud users can only perform operations on resources that are allowed by the roles assigned to them. If a user does not have any roles assigned, almost all operations are forbidden.
To allow access to Yandex Monitoring resources, assign the required roles from the list below to the Yandex account, service account, federated users, user group, or system group.
Currently, a role can only be assigned to a parent resource (folder or cloud). Roles are inherited by nested resources.
Only users with the admin, resource-manager.clouds.owner, or organization-manager.organizations.owner role for a resource can assign roles for this resource.
Note
For more information about role inheritance, see Inheritance of access rights in the Yandex Resource Manager documentation.
Assigning roles
To assign a user a role:
- Add the required user if needed.
- In the management console, select the appropriate cloud in the list on the left.
- Go to the Access bindings tab.
- Click Assign bindings.
- In the Configuring access bindings window, click
- Select a user from the list or search by user.
- Click
- Select a role in the cloud.
- Click Save.
Which roles exist in the service
The list below shows all roles that are considered when verifying access rights in the Yandex Monitoring service.
Service roles
monitoring.viewer
The monitoring.viewer role grants permission to view the created dashboards and widgets, as well as the uploaded metrics.
monitoring.editor
The monitoring.editor role grants permission to create dashboards and widgets as well as upload metrics and manage alerts.
The monitoring.editor role also includes all permissions of the monitoring.viewer role.
monitoring.admin
The monitoring.admin role grants permission to create dashboards and widgets as well as upload metrics and manage alerts.
The monitoring.admin role also includes all permissions of the monitoring.editor role.
Primitive roles
auditor
Grants permission to view service configuration and metadata without access to data.
viewer
Enables you to view information about resources.
editor
Allows you to manage resources, e.g., create, edit, and delete them.
admin
Allows you to manage your resources and access to them.
For more information about primitive roles, see Roles.
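The following is an added example, not part of the Yandex Cloud documentation or tooling: a small least-privilege review that applies the rules described on this page (roles assigned on a cloud are inherited by its folders, each Monitoring service role includes the one below it, and only three roles allow assigning roles). The binding record shape, subject names, and the approved-role policy are constructed assumptions; primitive roles other than admin are not ranked because this page does not define how they map to Monitoring permissions.

```python
# Added example with constructed data; not Yandex Cloud code.
# Service-role inclusion as stated on this page: admin > editor > viewer.
RANK = {"monitoring.viewer": 1, "monitoring.editor": 2, "monitoring.admin": 3}
# Roles that, per this page, allow assigning roles for a resource.
GRANTERS = {"admin", "resource-manager.clouds.owner",
            "organization-manager.organizations.owner"}

# Constructed bindings; the record shape is an assumption for illustration.
CLOUD_BINDINGS = [
    {"role_id": "monitoring.viewer", "subject": "userAccount:alice"},
    {"role_id": "admin", "subject": "userAccount:carol"},
]
FOLDER_BINDINGS = [
    {"role_id": "monitoring.editor", "subject": "userAccount:alice"},
    {"role_id": "monitoring.admin", "subject": "serviceAccount:metrics-agent"},
    {"role_id": "monitoring.viewer", "subject": "userAccount:bob"},
]

def effective_access(cloud_bindings, folder_bindings):
    """Per-subject access inside the folder. Cloud bindings are inherited by
    the folder, and the highest Monitoring service role held wins."""
    access = {}
    for binding in list(cloud_bindings) + list(folder_bindings):
        entry = access.setdefault(
            binding["subject"], {"monitoring_role": None, "can_assign_roles": False})
        role = binding["role_id"]
        if role in GRANTERS:
            entry["can_assign_roles"] = True
        held = entry["monitoring_role"]
        if role in RANK and (held is None or RANK[role] > RANK[held]):
            entry["monitoring_role"] = role
    return access

def over_privileged(access, approved):
    """List (subject, held, approved) where the effective Monitoring role
    outranks the approved one; subjects missing from `approved` get None."""
    findings = []
    for subject, entry in sorted(access.items()):
        held, limit = entry["monitoring_role"], approved.get(subject)
        if held and (limit is None or RANK[held] > RANK[limit]):
            findings.append((subject, held, limit))
    return findings

if __name__ == "__main__":
    acc = effective_access(CLOUD_BINDINGS, FOLDER_BINDINGS)
    policy = {"userAccount:alice": "monitoring.viewer",
              "userAccount:bob": "monitoring.viewer",
              "serviceAccount:metrics-agent": "monitoring.editor"}
    print(over_privileged(acc, policy))
    print([s for s, e in acc.items() if e["can_assign_roles"]])
```

In the sample, alice's folder-level monitoring.editor binding outranks her inherited monitoring.viewer, so a review of the cloud bindings alone would miss it.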