Roles

A role is a set of permissions to perform operations with resources in Yandex Cloud.

There are two types of roles:

• Primitive roles contain permissions that apply to all types of Yandex Cloud resources. These are roles such as admin, editor, viewer, and auditor.

• Service roles contain permissions only for a specific type of resource in a particular service. The service role ID is specified in service.resources.role format. For example, the compute.images.user role allows you to use images in Yandex Compute Cloud.

  A service role can be assigned for the resource the role is intended for or the one from which the permissions are inherited. For example, you can assign the compute.images.user role for a folder or cloud, because images inherit permissions from them.

Currently, users are not allowed to create new roles with a custom set of permissions.

Role referenceRole reference

Use casesUse cases

• Access control for user groups with different roles in Yandex Identity Hub
• Using a service account with an OS Login profile for VM management via Ansible