Contact UsGet started

Viewing a list of a subject's accesses

Written by
Updated at March 31, 2025

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

Cloud Infrastructure Entitlement Management (CIEM) provides a centralized view of the full list of access permissions for the organization's resources available to individual subjects and groups.

Only organization members with the organization-manager.viewer role or higher for the organization can view access permissions in the Security Deck interface.

To get a list of a subject's accesses to the organization's resources:

  1. Log in as an organization user with the organization-manager.viewer role or higher for the organization.

  2. Go to Yandex Security Deck.

  3. In the left-hand panel, select CIEM.

  4. Click Select subject and in the window that opens:

    1. Select the user, service account, user group, system group, or public group you need.

      You may want to use the search feature.

    2. Click Select.

This will open a list of accesses assigned to the selected subject. For each access, the list indicates the name/ID and type of resource, the role assigned to the subject for that resource, and information about whether the role was assigned to the subject directly or inherited from a group of which the subject is a member.

If the selected subject has multiple accesses, only some of them will be displayed. To display the remaining access permissions, сlick Load more at the bottom of the page.

Use filtering by resource ID, role ID, or access assignment method (Directly appointed or Assigned via group) as needed.

Cloud Infrastructure Entitlement Management does not display subjects' access permissions for Yandex DataLens billing accounts and resources.

See also

Previous
Creating a scan
Next
Revoking an access permission