Yandex Cloud
Search
Contact UsTry it for free
  • Customer Stories
  • Documentation
  • Blog
  • All Services
  • System Status
  • Marketplace
    • Featured
    • Infrastructure & Network
    • Data Platform
    • AI for business
    • Security
    • DevOps tools
    • Serverless
    • Monitoring & Resources
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Center for Technologies and Society
    • Yandex Cloud Partner program
    • Price calculator
    • Pricing plans
  • Customer Stories
  • Documentation
  • Blog
© 2026 Direct Cursus Technology L.L.C.
Yandex Identity and Access Management
    • All guides
    • Handling secrets that are available in the public domain
    • Users
    • User groups
      • Getting a list of supported policies
      • Assigning a policy for a resource
      • Viewing policies assigned for a resource
      • Revoking a policy
  • Secure use of Yandex Cloud
  • Access management
  • Pricing policy
  • Role reference
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes

In this article:

  • Assigning an access policy for a folder
  • Assigning an access policy for a cloud
  • Assigning an access policy for an organization
  1. Step-by-step guides
  2. Access policies
  3. Assigning a policy for a resource

Assigning an access policy

Written by
Yandex Cloud
Updated at February 25, 2026
  • Assigning an access policy for a folder
  • Assigning an access policy for a cloud
  • Assigning an access policy for an organization

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

Access policies are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with Yandex Cloud resources. Access policies complement the role system for more flexible access management.

You can assign an access policy for a folder, cloud, or organization.

Note

To manage access policies, a user must have one of the following roles:

  • resource-manager.admin or admin for the folder or cloud to manage access policies at the folder or cloud level, respectively.
  • organization-manager.admin or admin for the organization to manage access policies at the organization level.

Assigning an access policy for a folderAssigning an access policy for a folder

To assign an access policy for a folder:

CLI
API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

  1. Get a list of supported access policies with their IDs.

  2. Run this command:

    yc resource-manager folder bind-access-policy \
      --name <folder_name> \
      --access-policy-template-id=<access_policy_ID>
    

    Where:

    • --name: Name of the folder to assign the policy for. Instead of the folder name, you can provide its ID in the --id parameter.
    • --access-policy-template-id: ID of the access policy to assign for the folder.
  3. Make sure the policy was assigned.

Use the bindAccessPolicy REST API method for the Folder resource or the FolderService/BindAccessPolicy gRPC API call.

The assigned access policy will apply to all resources in the specified folder.

Assigning an access policy for a cloudAssigning an access policy for a cloud

To assign an access policy for a cloud, follow these steps:

CLI
API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

  1. Get a list of supported access policies with their IDs.

  2. Run this command:

    yc resource-manager cloud bind-access-policy \
      --name <cloud_name> \
      --access-policy-template-id=<access_policy_ID>
    

    Where:

    • --name: Name of the cloud you want to assign the access policy for. Instead of the cloud name, you can provide its ID in the --id parameter.
    • --access-policy-template-id: ID of the access policy you want to assign for the cloud.
  3. Make sure the policy was assigned.

Use the bindAccessPolicy REST API method for the Cloud resource or the CloudService/BindAccessPolicy gRPC API call.

The assigned access policy will apply to resources within all folders in the specified cloud.

Assigning an access policy for an organizationAssigning an access policy for an organization

To assign an access policy for an organization:

CLI
API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

  1. Get a list of supported access policies with their IDs.

  2. Run this command:

    yc organization-manager organization bind-access-policy \
      --name <organization_name> \
      --access-policy-template-id=<access_policy_ID>
    

    Where:

    • --name: Name of the organization you want to assign the policy to. Instead of the organization name, you can provide its ID in the --id parameter.
    • --access-policy-template-id: ID of the access policy you want to assign to the specified organization.
  3. Make sure the policy was assigned.

Use the bindAccessPolicy REST API method for the Organization resource or the OrganizationService/BindAccessPolicy gRPC API call.

The assigned access policy will apply to resources within all clouds in the specified organization.

See alsoSee also

  • Access policies
  • Getting a list of supported access policies
  • Viewing assigned access policies
  • Revoking an access policy

Was the article helpful?

Previous
Getting a list of supported policies
Next
Viewing policies assigned for a resource
© 2026 Direct Cursus Technology L.L.C.