Getting a list of supported access policies
Written by
Updated at February 25, 2026
Note
This feature is in the Preview stage. To get access, contact tech support or your account manager.
Access policies are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with Yandex Cloud resources. Access policies complement the role system for more flexible access management.
To get a list of supported access policies:
CLI
API
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
Run this command:
yc iam access-policy-template list
Result:
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
| ID | NAME | DESCRIPTION |
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
| iam.denyServiceAccountAccessKeysCreation | iam-deny-service-account-access-keys-creation | Deny creation of service |
| | | account access keys |
| iam.denyServiceAccountApiKeysCreation | iam-deny-service-account-api-keys-creation | Deny creation of service |
| | | account api keys |
| iam.denyServiceAccountAuthorizedKeysCreation | iam-deny-service-account-authorized-keys-creation | Deny creation of service |
| | | account authorized keys |
| iam.denyServiceAccountCreation | iam-deny-service-account-creation | Deny creation of service |
| | | accounts |
| iam.denyServiceAccountCredentialsCreation | iam-deny-service-account-credentials-creation | Deny creation of service |
| | | account credentials |
| iam.denyServiceAccountFederatedCredentialsCreation | iam-deny-service-account-federated-credentials-creation | Deny creation of service |
| | | account federated credentials |
| iam.denyServiceAccountImpersonation | iam-deny-service-account-impersonation | Deny impersonation into the |
| | | service account |
| organization.denyMemberInvitation | organization-deny-member-invitation | Deny invitation of new members |
| | | to the organization |
| organization.denyUserListing | organization-deny-user-listing | Deny listing of users in the |
| | | organization |
+----------------------------------------------------+---------------------------------------------------------+--------------------------------+
Use the list REST API method for the AccessPolicyTemplate resource or the AccessPolicyTemplateService/List gRPC API call.