Viewing access policies created for a resource
Note
This feature is in the Preview stage. To get access, contact tech support or your account manager.
Access policies are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with Yandex Cloud resources. Access policies are based on templates and complement the role system for more flexible access management.
You can create access policies for a folder, cloud, or organization.
Note
To manage access policies, a user must have one of the following roles:
resource-manager.adminoradminfor the folder or cloud to manage access policies at the folder or cloud level, respectively.organization-manager.adminoradminfor the organization to manage access policies at the organization level.
Viewing access policies created for a folder
To view a list of access policies created for a folder:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
Run this command by specifying the name or ID of the folder for which you want to view the new policies:
yc resource-manager folder list-access-policy-bindings <folder_name_or_ID>
Result:
+---------------------------------------+
| ACCESS POLICY TEMPLATE ID |
+---------------------------------------+
| iam.denyServiceAccountApiKeysCreation |
+---------------------------------------+
Use the listAccessPolicyBindings REST API method for the Folder resource or the FolderService/ListAccessPolicyBindings gRPC API call.
Viewing access policies created for a cloud
To view the list of cloud access policies:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
Run the command, specifying the name or ID of the cloud for which you want to view the created policies:
yc resource-manager cloud list-access-policy-bindings <cloud_name_or_ID>
Result:
+---------------------------------------+
| ACCESS POLICY TEMPLATE ID |
+---------------------------------------+
| iam.denyServiceAccountApiKeysCreation |
+---------------------------------------+
Use the listAccessPolicyBindings REST API method for the Cloud resource or the CloudService/ListAccessPolicyBindings gRPC API call.
Viewing access policies created for an organization
To view the list of organization access policies:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
Run the command, specifying the name or ID of the organization for which you want to view the created policies:
yc organization-manager organization list-access-policy-bindings <organization_name_or_ID>
Result:
+------------------------------+
| ACCESS POLICY TEMPLATE ID |
+------------------------------+
| organization.denyUserListing |
+------------------------------+
Use the listAccessPolicyBindings REST API method for the Organization resource or the OrganizationService/ListAccessPolicyBindings gRPC API call.