Assigning a role for a registry

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id options.

Run the following command to assign a role for a registry:

• To a user:

  yc cloud-registry registry add-access-binding <registry_name_or_ID> \
    --role <role> \
    --user-account-id <user_ID>
  

• To a service account:

  yc cloud-registry registry add-access-binding <registry_name_or_ID> \
    --role <role> \
    --service-account-id <service_account_ID>
  

• To all authenticated users (the All authenticated users public group):

  yc cloud-registry registry add-access-binding <registry_name_or_ID> \
    --role <role> \
    --allAuthenticatedUsers
  

• To all users (the All users public group):

  yc cloud-registry registry add-access-binding <registry_name_or_ID> \
    --role <role> \
    --allUsers
  

  Where <role> is the role you want to assign.

To revoke all registry roles and assign new ones right away, use the yc cloud-registry registry set-access-bindings command.

Example

In the example below, we are assigning the cloud-registry.admin role for my-first-registry to a user.

yc cloud-registry registry add-access-binding my-first-registry \
  --role cloud-registry.admin \
  --user-account-id ajeugsk5ubk6********

Result:

done (4s)

Use the updateAccessBindings REST API method for the Registry resource or the RegistryService/UpdateAccessBindings gRPC API call.