User groups
In organizations with many users, you may need to grant the same access permissions for Yandex Cloud resources to more than one user. In that case, it is easier to assign roles and permissions to groups rather than to individual users. Group members can get access to Yandex Cloud organizations, clouds, folders, and service accounts.
Other users will be able to manage the group if you grant them the relevant roles, e.g., organization-manager.groups.memberAdmin to view data and add group members.
In addition to groups created by the administrator, Yandex Cloud also has system groups (All users in organization X and All users in federation N) and public groups (All authenticated users and All users).
Groups may only have a one-level structure. You cannot create nested groups. Membership in a group provides all of its members with equal rights.
If you use user groups in your identity provider (IdP) when working with federations, you can map groups between the IdP and Cloud Organization.