Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Cloud Billing
  • Getting started
  • Access management
  • Pricing policy
  • Terraform reference
  • Audit Trails events

In this article:

  • Billing account access
  • Roles existing in this service
  • Service roles
  • Primitive roles
  • Available operations
  • Adding a user
  • Assigning roles
  • Revoking roles
  • Deleting a user

Access management in Yandex Cloud Billing

Written by
Yandex Cloud
Updated at April 24, 2025
  • Billing account access
  • Roles existing in this service
    • Service roles
    • Primitive roles
    • Available operations
  • Adding a user
  • Assigning roles
  • Revoking roles
  • Deleting a user

Billing account accessBilling account access

Access to the billing account can be provided via the Yandex Cloud Billing interface or the Yandex Cloud API. A billing account can be created by users with a registered Yandex or Yandex 360 account:

  • If you or your employee have no account yet, create one on Yandex or Yandex 360.
  • If using a social network profile to log in to Yandex, create a username and password.

The operations a user can perform on a billing account depend on the assigned role. You can assign roles to a Yandex account, service account, federated users, user group, system group, or public group.

Note

Access can only be granted to a user whose billing account has a cloud linked in Identity and Access Management.

Roles existing in this serviceRoles existing in this service

Service rolesService roles

billing.accounts.ownerbilling.accounts.owner

When creating your billing account, you get the billing.accounts.owner role automatically. It cannot be revoked, but you can assign it to other users and then revoke from them.

In Yandex Cloud Billing, users with this role can:
  • Display billing accounts in the list of all accounts.
  • View billing account data.
  • View client offers.
  • View info on the access permissions granted for the relevant billing accounts and modify such permissions.
  • Activate, deactivate, or modify the technical support service plan, as well as change the billing account from which the payment is debited.
  • View and download reporting (or closing) documents.
  • Generate new reconciliation reports.
  • View and download generated reconciliation reports.
  • Get and view notifications on consumption.
  • Monitor expenses.
  • View usage details.
  • Export details.
  • Create budgets.
  • Reserve resource usage.
  • Top up their personal account using a bank account.
  • Top up their personal account using a credit or debit card.
  • Link clouds to a billing account.
  • Rename billing accounts.
  • Changing payer contact details.
  • Change payment details.
  • Change their credit or debit card details.
  • Change the payment method.
  • Redeem promo codes.
  • Activate the trial period.
  • Activate the paid version.
  • Delete billing accounts.
On the Yandex Cloud partner portal, users with this role can:
  • Create customer records (subaccounts).
  • View the list of subaccounts and info on them.
  • Update subaccount records.
  • Activate subaccounts.
  • Suspend subaccounts.
  • Re-activate subaccounts.
  • Delete subaccounts without customer confirmation.
  • Link clouds to subaccounts.
  • Manage access permissions to subaccounts.
  • View the details of how the customers use services.
  • View rebate credit history.
  • Withdraw rebate.
  • View assigned specializations.
  • View the list of partner discounts and info on them.
  • View the history of crediting referral program bonuses.
  • Withdraw referral program bonuses.
  • View the status of settlements with the referrer company.
  • View the list of referral links.
  • Create referral links.
  • Activate referral links.
  • Modify referral links.

This role also includes the billing.accounts.admin permissions.

billing.accounts.viewerbilling.accounts.viewer

To use the billing.accounts.viewer role, you need to assign it for a billing account. This role enables you to view billing account data, get information about resource consumption, monitor expenses, and export reconciliation reports and reporting documents.

In Yandex Cloud Billing, users with this role can:
  • Display billing accounts in the list of all accounts.
  • View billing account data.
  • View and download reporting (or closing) documents.
  • View and download generated reconciliation reports.
  • Get and view notifications on consumption.
  • Monitor expenses.
  • View usage details.
On the Yandex Cloud partner portal, users with this role can:
  • View the list of subaccounts and info on them.
  • View the details of how the customers use services.
  • View assigned specializations.
  • View the list of partner discounts and info on them.
  • View the history of crediting referral program bonuses.
  • View the status of settlements with the referrer company.
  • View the list of referral links.

billing.accounts.accountantbilling.accounts.accountant

To use the billing.accounts.accountant role, you need to assign it for a billing account. This role enables you to view billing account data, get information about resource consumption, monitor expenses, export reconciliation reports and reporting documents, create new reconciliation reports, and top up your personal account using a bank account.

In Yandex Cloud Billing, users with this role can:
  • Display billing accounts in the list of all accounts.
  • View billing account data.
  • View and download reporting (or closing) documents.
  • Generate new reconciliation reports.
  • View and download generated reconciliation reports.
  • Get and view notifications on consumption.
  • Monitor expenses.
  • View usage details.
  • Top up their personal account using a bank account.
On the Yandex Cloud partner portal, users with this role can:
  • View the list of subaccounts and info on them.
  • View the details of how the customers use services.
  • View rebate credit history.
  • Withdraw rebate.
  • View assigned specializations.
  • View the list of partner discounts and info on them.
  • View the history of crediting referral program bonuses.
  • View the status of settlements with the referrer company.
  • View the list of referral links.

This role also includes the billing.accounts.viewer permissions.

billing.accounts.editorbilling.accounts.editor

To use the billing.accounts.editor role, you need to assign it for a billing account. It enables you to get payment invoices, redeem promo codes, link clouds and services to your billing account, create details export and budgets, generate reconciliation reports, and reserve resources.

In Yandex Cloud Billing, users with this role can:
  • Display billing accounts in the list of all accounts.
  • View billing account data.
  • View client offers.
  • View and download reporting (or closing) documents.
  • Generate new reconciliation reports.
  • View and download generated reconciliation reports.
  • Get and view notifications on consumption.
  • Monitor expenses.
  • View usage details.
  • Export details.
  • Create budgets.
  • Reserve resource usage.
  • Top up their personal account using a bank account.
  • Link clouds to a billing account.
  • Rename billing accounts.
  • Redeem promo codes.
On the Yandex Cloud partner portal, users with this role can:
  • Create customer records (subaccounts).
  • View the list of subaccounts and info on them.
  • Activate subaccounts.
  • Suspend subaccounts.
  • Re-activate subaccounts.
  • Link clouds to subaccounts.
  • View the details of how the customers use services.
  • View rebate credit history.
  • Withdraw rebate.
  • View assigned specializations.
  • View the list of partner discounts and info on them.
  • View the history of crediting referral program bonuses.
  • Withdraw referral program bonuses.
  • View the status of settlements with the referrer company.
  • View the list of referral links.
  • Create referral links.
  • Activate referral links.
  • Modify referral links.

This role also includes the billing.accounts.viewer permissions.

billing.accounts.adminbilling.accounts.admin

To use the billing.accounts.admin role, you need to assign it for a billing account. It enables managing access to a billing account (except for billing.accounts.owner).

In Yandex Cloud Billing, users with this role can:
  • Display billing accounts in the list of all accounts.
  • View billing account data.
  • View client offers.
  • View info on the access permissions granted for the relevant billing accounts and modify such permissions (except for assigning and revoking the billing.accounts.owner role).
  • Activate, deactivate, or modify the technical support service plan, as well as change the billing account from which the payment is debited.
  • View and download reporting (or closing) documents.
  • Generate new reconciliation reports.
  • View and download generated reconciliation reports.
  • Get and view notifications on consumption.
  • Monitor expenses.
  • View usage details.
  • Export details.
  • Create budgets.
  • Reserve resource usage.
  • Top up their personal account using a bank account.
  • Link clouds to a billing account.
  • Rename billing accounts.
  • Redeem promo codes.
On the Yandex Cloud partner portal, users with this role can:
  • Create customer records (subaccounts).
  • View the list of subaccounts and info on them.
  • Activate subaccounts.
  • Suspend subaccounts.
  • Re-activate subaccounts.
  • Link clouds to subaccounts.
  • Manage access permissions to subaccounts.
  • View the details of how the customers use services.
  • View rebate credit history.
  • Withdraw rebate.
  • View assigned specializations.
  • View the list of partner discounts and info on them.
  • View the history of crediting referral program bonuses.
  • Withdraw referral program bonuses.
  • View the status of settlements with the referrer company.
  • View the list of referral links.
  • Create referral links.
  • Activate referral links.
  • Modify referral links.

This role also includes the billing.accounts.editor and billing.partners.editor permissions.

billing.accounts.memberbilling.accounts.member

The billing.accounts.member role is granted automatically when a user is added to the service. It is required to display the selected billing account in the list of all user accounts.

billing.accounts.varWithoutDiscountsbilling.accounts.varWithoutDiscounts

To use the billing.accounts.varWithoutDiscounts role, you need to assign it for a billing account. This role grants partner accounts all administrator privileges, except the permission to get information about discounts.

In Yandex Cloud Billing, users with this role can:
  • Display billing accounts in the list of all accounts.
  • View billing account data.
  • View info on the access permissions granted for the relevant billing accounts.
  • View and download reporting (or closing) documents.
  • Generate new reconciliation reports.
  • View and download generated reconciliation reports.
  • Get and view notifications on consumption.
  • Monitor expenses.
  • View usage details.
  • Export details.
  • Create budgets.
  • Reserve resource usage.
  • Top up their personal account using a bank account.
  • Link clouds to a billing account.
  • Rename billing accounts.
  • Redeem promo codes.
On the Yandex Cloud partner portal, users with this role can:
  • Create customer records (subaccounts).
  • View the list of subaccounts and info on them.
  • Activate subaccounts.
  • Suspend subaccounts.
  • Re-activate subaccounts.
  • Link clouds to subaccounts.
  • Manage access permissions to subaccounts.
  • View the details of how the customers use services.
  • View rebate credit history.
  • Withdraw rebate.
  • View the history of crediting referral program bonuses.
  • Withdraw referral program bonuses.
  • View the status of settlements with the referrer company.
  • Create referral links.
  • Activate referral links.
  • Modify referral links.

This role also includes the billing.partners.editor permissions.

billing.partners.editorbilling.partners.editor

The billing.partners.editor role is assigned for a billing account. It grants permission to edit information about a partner and their products in the partner product catalog.

Primitive rolesPrimitive roles

Primitive roles are aggregator roles that define user permissions to access services. In Yandex Cloud Billing, these roles match the following billing.accounts.* roles:

  • auditor: Same as billing.accounts.viewer with some limitations.
  • viewer: Same as billing.accounts.viewer.
  • editor: Same as billing.accounts.editor.
  • admin: Same as billing.accounts.admin.

Primitive roles can only be assigned to users in the Users list.

Available operationsAvailable operations

The table below provides a list of operations available to each role type.

Operations owner viewer accountant editor admin
Displaying a billing account in the list of all user accounts
Viewing billing account information
Viewing and receiving usage notifications
Viewing and downloading reporting (closing) documents
Viewing and downloading generated reconciliation reports
Checking expenses
Accessing usage details
Topping up your personal account using a bank account
Generating a new reconciliation report
Activating promo codes
Linking clouds to billing accounts
Creating details export
Creating budget
Resource allocation
Renaming a billing account
Viewing commercial offers
Assigning roles to billing accounts
Viewing and editing roles
Managing technical support plan
Changing payer contact details
Changing billing details
Changing bank cards
Changing payment methods
Activating trial period
Activating paid version
Topping up your personal account using a credit or debit card
Accepting commercial offers

Adding a userAdding a user

The steps for adding a new billing account user depend on whether this billing account is added to your organization.

For accounts added to an organization
For accounts not added to an organization

Assign the required role for the billing account to a user or service account in your organization.

Note

To add a new billing account user, you need the billing.accounts.owner or billing.accounts.admin role.

  1. Go to Yandex Cloud Billing.

  2. Select a billing account.
  3. Go to the Access management page.
  4. At the top right, click Add user.
  5. Select a user from the drop-down list. The list shows users whose clouds are linked to your billing account.
  6. Click Add.

The user or service account will get the billing.accounts.member role and included in the Users list. To grant billing account access, assign them the required role.

Assigning rolesAssigning roles

The steps for assigning a billing account role depend on whether this billing account is added to your organization.

For accounts added to an organization
For accounts not added to an organization

A user with the billing.accounts.admin role can grant access to the billing account to any user or service account within the same organization. To do this:

  1. Make sure that the user you need belongs to your organization. If not, add them.

  2. Go to Yandex Cloud Billing.

  3. Select a billing account.

  4. In the left-hand panel, select Access management.

  5. At the top right, click Assign roles. In the window that opens:

    1. Select a user, service account, or user group. If required, use the search bar.
    2. Click Add role and select the role.
    3. Click Save.

Note

If you assign the Yandex Cloud Billing service role to an organization, all billing accounts within this organization will also assume this role.

A user with the billing.accounts.admin role can grant access to the billing account to any user or service account on the Users list. To do this:

  1. Go to Yandex Cloud Billing.

  2. Select a billing account.

  3. In the left-hand panel, select Access management.

  4. Find the required user, service account, or user group in the users list or use the filter.

  5. In the line with the required user, service account, or group, click and select Edit roles. In the window that opens:

    1. Click Add role.
    2. Select a role from the list.
    3. Click Save.

The role will be assigned without expiration.

Revoking rolesRevoking roles

The steps for revoking a billing account role depend on whether this billing account is added to your organization.

For accounts added to an organization
For accounts not added to an organization

A user with the billing.accounts.admin role can revoke a billing account role from a user or service account in their organization at any time. To do this:

  1. Go to Yandex Cloud Billing.

  2. Select a billing account.

  3. In the left-hand panel, select Access management.

  4. Find the required user, service account, or user group in the users list or use the filter.

  5. In the line with the required user, service account, or group, click and select Edit roles. In the window that opens:

    1. Click to the right of the role you want to revoke.
    2. Click Save. The role will be revoked.

A user with the billing.accounts.admin role can revoke a billing account role from a user or service account on the list at any time. To do this:

  1. Go to Yandex Cloud Billing.

  2. Select a billing account.

  3. In the left-hand panel, select Access management.

  4. Find the required user, service account, or user group in the users list or use the filter.

  5. In the line with the required user, service account, or group, click and select Edit roles. In the window that opens:

    1. Click to the right of the role you want to revoke.
    2. Click Save. The role will be revoked.

Note

If the billing.accounts.member role is revoked, the user will not be able to access the billing account.

Deleting a userDeleting a user

You can only delete users from those billing accounts that are not added to an organization. To do this:

  1. Go to Yandex Cloud Billing.

  2. Select a billing account.
  3. Find the user or service account in the list.
  4. In the line with the user or service account, click and select Remove user.
  5. This deletes the user from the list of the billing account users.

If the billing account is added to an organization, you can simply revoke the required role from a user or service account. You can remove a user from the organization to prevent them from accessing any of its clouds or resources.

Was the article helpful?

Previous
Cost analysis by resource using Object Storage
Next
Pricing policy
© 2025 Direct Cursus Technology L.L.C.