Viewing roles assigned for a resource
- In the management console, select the folder where you want to view the roles assigned for a resource.
- Go to Container Registry.
- Select a registry or repository in it.
- Navigate to the Access bindings tab.
- Find the required user, group, or service account in the list. Assigned roles are specified in the Roles column.
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.
Run this command:
yc container <resource> list-access-bindings <resource_name_or_ID>
Where:
<resource>:registryorrepositoryresource type.<resource_name_or_ID>: Name or ID of the resource you want to view the assigned roles for.
Example
yc container registry list-access-bindings my-first-registry
Result:
+--------------------------+---------------+----------------------+
| ROLE ID | SUBJECT TYPE | SUBJECT ID |
+--------------------------+---------------+----------------------+
| container-registry.admin | federatedUser | ajekv7lpqpgu******** |
+--------------------------+---------------+----------------------+
Use the listAccessBindings REST API method for the Registry resource or the RegistryService/listAccessBindings gRPC API call.
Use the listAccessBindings REST API method for the Repository resource or the RepositoryService/listAccessBindings gRPC API call.
You can read more about role management in the Yandex Identity and Access Management documentation.