Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
  • Blog
  • Pricing
  • Documentation
Yandex project
© 2025 Yandex.Cloud LLC
Yandex Security Deck
    • All guides
      • Viewing a list of access permissions
      • Revoking an access permission
  • Pricing policy
  1. Step-by-step guides
  2. Cloud Infrastructure Entitlement Management (CIEM)
  3. Revoking an access permission

Revoking subject's access

Written by
Yandex Cloud
Updated at March 31, 2025

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

Cloud Infrastructure Entitlement Management provides a centralized view of the list of accesses to the organization's resources available to the subjects and groups and revoke them as needed.

Accesses can be revoked by a user with the admin, resource-manager.admin, organization-manager.admin, resource-manager.clouds.owner, or organization-manager.organizations.owner role, or with the admin role for the service to whose resource the subject’s access is being revoked.

To revoke a subject's access (role) for a resource:

  1. Open the list of the subject's accesses and select the one you want to revoke.

    Use filtering by resource ID, role ID, or access assignment method (Directly appointed or Assigned via group), if required.

  2. Revoke access based on the assignment method used:

    Direct assignment
    Group-based assignment

    If access is assigned to the subject directly (the Group field is left blank):

    1. In the row with the access you need, click and select Revoke access.
    2. In the window that opens, verify info on the resource you are revoking access to and select the roles to revoke.
    3. Click Revoke all (or Revoke selected if you left some roles unselected).

    If access is assigned to the subject through a group (the Group field contains the group name and ID), such access cannot be revoked from the subject. Instead, you can either remove the subject from this user group or revoke the access from the whole group.

    • To remove a subject from a user group:

      1. In the row with the access, click and select Remove from group.
      2. In the window that opens, review the list of accesses the subject will lose when removed from the group, and click Remove.

      You cannot remove a subject from a system group or public group. To revoke access granted through one of these groups, you have to revoke that access from the whole group.

    • To revoke access from the whole group, open the list of accesses for that group and follow the guide on how to revoke directly assigned access.

    See alsoSee also

    • Viewing a list of a subject's accesses
    • Cloud Infrastructure Entitlement Management (CIEM)
    • Access management in Yandex Security Deck

Was the article helpful?

Previous
Viewing a list of access permissions
Next
Overview
Yandex project
© 2025 Yandex.Cloud LLC