Access management in Vision OCR
In this section, you will learn:
About access management
In Yandex Cloud, all transactions are checked in Yandex Identity and Access Management. If a subject does not have the required permission, the service returns an error.
To grant permission for a resource, assign roles for this resource to the subject that will perform operations. Roles can be assigned to a Yandex account, a service account, federated users, a user group, or a system group. For more information, see How access management works in Yandex Cloud.
Only users with the admin
, resource-manager.clouds.owner
, or organization-manager.organizations.owner
role for a resource can assign roles for this resource.
Which resources you can assign a role for
Like other services, roles can be assigned for a cloud or folder. The roles assigned for clouds and folders also apply to nested resources.
Which roles exist in the service
Service roles
ai.vision.user
The ai.vision.user
role allows you to use Yandex Vision OCR to analyze images, as well as view info on the relevant cloud, folder, and quotas.
ai.auditor
The ai.auditor
role enables you to view quotas for Yandex Translate, Yandex Vision, Yandex SpeechKit, and Yandex Foundation Models, as well as read the folder metadata.
ai.viewer
The ai.viewer
role enables you to view quotas for Yandex Translate, Yandex Vision, Yandex SpeechKit, and Yandex Foundation Models, as well as view the folder info.
This role also includes the ai.auditor
permissions.
ai.editor
The ai.editor
role allows you to use Yandex Translate, Yandex Vision, Yandex SpeechKit, and Yandex Foundation Models.
Users with this role can:
- Use Yandex Translate to translate texts.
- Use Yandex Vision OCR to analyze images.
- Use Yandex SpeechKit for speech recognition and synthesis.
- Use YandexGPT API language models for text generation and YandexART models for image generation within Yandex Foundation Models.
- View information on the relevant cloud and folder.
- View information on Translate, Vision, SpeechKit, and Foundation Models quotas.
This role includes the following roles' permissions: ai.viewer
, ai.translate.user
, ai.vision.user
, ai.speechkit-stt.user
, ai.speechkit-tts.user
, ai.languageModels.user
, ai.imageGeneration.user
.
ai.admin
The ai.admin
role allows you to use Yandex Translate, Yandex Vision, Yandex SpeechKit, and Yandex Foundation Models.
Users with this role can:
- Use Yandex Translate to translate texts.
- Use Yandex Vision OCR to analyze images.
- Use Yandex SpeechKit for speech recognition and synthesis.
- Use YandexGPT API language models for text generation and YandexART models for image generation within Yandex Foundation Models.
- View information on the relevant cloud and folder.
- View information on Translate, Vision, SpeechKit, and Foundation Models quotas.
This role also includes the ai.editor
permissions.
For more information about service roles, see Roles in the Yandex Identity and Access Management service documentation.
Primitive roles
auditor
Grants permission to view service configuration and metadata without access to data.
viewer
Enables you to view information about resources.
editor
Allows you to manage resources, e.g., create, edit, and delete them.
admin
Allows you to manage your resources and access to them.
For more information about primitive roles, see Roles.