Access management in Yandex Cloud Postbox
Yandex Cloud users can only perform operations on resources that are allowed by the roles assigned to them. If the user has no roles assigned, all operations are forbidden.
To allow access to Yandex Cloud Postbox resources, assign the required roles from the list below to a Yandex account, service account, federated user, user group, or system group. Currently, a role can only be assigned to a parent resource (folder or cloud). Roles are inherited by nested resources.
Note
For more information about role inheritance, see Inheritance of access rights in the Resource Manager documentation.
Which roles exist in the service
In Yandex Cloud Postbox, you can manage access using both service and primitive roles.
Service roles
postbox.sender
The postbox.sender role allows you to send emails.
Users with this role can send emails from Yandex Cloud Postbox.
postbox.auditor
The postbox.auditor role allows you to get information about Yandex Cloud Postbox addresses.
Users with this role can view address information and get a list of Yandex Cloud Postbox addresses.
postbox.viewer
The postbox.viewer role allows you to get information about Yandex Cloud Postbox addresses.
Users with this role can view address information and get a list of Yandex Cloud Postbox addresses.
The role grants the same permissions as the postbox.auditor role.
postbox.editor
The postbox.editor role allows you to manage Yandex Cloud Postbox addresses and send emails.
Users with this role can create, update, and delete addresses, view address information, get a list of Yandex Cloud Postbox addresses, and send emails.
It includes the permissions of the postbox.viewer role.
postbox.admin
The postbox.admin role allows you to manage Yandex Cloud Postbox addresses and send emails.
Users with this role can create, update, and delete addresses, view address information, get a list of Yandex Cloud Postbox addresses, and send emails.
The role grants the same permissions as the postbox.editor role.
Primitive roles
auditor
Grants permission to view service configuration and metadata without access to data.
viewer
Enables you to view information about resources.
editor
Allows managing (creating, editing, and deleting) resources.
admin
Allows you to manage your resources and access to them.
For more information about primitive roles, see the Yandex Cloud role reference.
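Because roles are assigned on a folder or cloud and inherited downward, a subject's effective Postbox permissions are the union of everything bound along that path. The following least-privilege check is an added example, not part of the Yandex Cloud documentation or tooling; the permission labels, resource names, and bindings are constructed for illustration, and primitive roles are only flagged, not modelled.

```python
# Permission labels below are hypothetical names for the operations this page lists.
VIEW = {"get_address", "list_addresses"}
MANAGE = {"create_address", "update_address", "delete_address"}
SEND = {"send_email"}
ROLE_PERMS = {
    "postbox.sender": SEND,
    "postbox.auditor": VIEW,
    "postbox.viewer": VIEW,                  # same as postbox.auditor
    "postbox.editor": VIEW | MANAGE | SEND,
    "postbox.admin": VIEW | MANAGE | SEND,   # same as postbox.editor
}
PRIMITIVE = {"auditor", "viewer", "editor", "admin"}  # not modelled, only flagged

# Constructed sample data: folder -> parent cloud, and (resource, subject, role) bindings.
PARENT = {"folder-mail": "cloud-prod", "folder-web": "cloud-prod"}
BINDINGS = [
    ("cloud-prod", "serviceAccount:mailer", "postbox.admin"),
    ("folder-mail", "serviceAccount:mailer", "postbox.sender"),
    ("folder-mail", "userAccount:ops", "postbox.viewer"),
    ("folder-web", "serviceAccount:web", "editor"),
]

def effective_roles(subject, folder):
    """Roles bound on the folder itself plus roles inherited from its cloud."""
    scope = {folder, PARENT.get(folder)}
    return {role for res, subj, role in BINDINGS if subj == subject and res in scope}

def effective_perms(subject, folder):
    """Union of Postbox permissions over all effective service roles."""
    perms = set()
    for role in effective_roles(subject, folder):
        perms |= ROLE_PERMS.get(role, set())
    return perms

def audit(subject, folder, needed):
    """Compare what a subject can do in a folder with what it needs."""
    findings = []
    primitive = sorted(effective_roles(subject, folder) & PRIMITIVE)
    if primitive:
        findings.append(f"primitive roles to review: {primitive}")
    excess = sorted(effective_perms(subject, folder) - set(needed))
    if excess:
        findings.append(f"excess permissions: {excess}")
    return findings

if __name__ == "__main__":
    for subject, folder, needed in [("serviceAccount:mailer", "folder-mail", SEND),
                                    ("userAccount:ops", "folder-mail", VIEW),
                                    ("serviceAccount:web", "folder-web", set())]:
        print(subject, folder, audit(subject, folder, needed) or "ok")
```

In the sample data, the mailer service account needs only postbox.sender, but the postbox.admin binding on the cloud is inherited into every folder, so the check reports address management and viewing as excess.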