Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Enabling and disabling a service

Written by
Updated at October 20, 2025

Note

This feature is at the Preview stage.

In Yandex Identity and Access Management, you can enable and disable service access to user resources in a specific cloud.

Service access to resources can be managed by users with the admin or owner roles for the cloud.

Enabling a service

To grant access to user cloud resources to a service, you need enable the service:

  1. In the management console, select the relevant cloud.
  2. In the left-hand panel, click and select Permissions.
  3. In the service row, click and select Enable access.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the cloud specified in the CLI profile. You can set a different cloud in the --cloud-id parameter.

  1. View the description of the CLI command for enabling a service:

    yc iam service-control enable --help

  2. Get a list of services you can enable or disable with information on their statuses.

  3. Run the command, specifying the ID of the service to enable:

    yc iam service-control enable <service_ID>

    Result:

    done (31s)
service_id: dspm
resource:
  id: b1gmgc24pte8********
  type: resource-manager.cloud
updated_at: "2024-03-12T13:21:12.331340Z"
status: ENABLED

Use the enable REST API method for the ServiceControl resource or the ServiceControlService/Enable gRPC API call.

This will change the service status in the specified cloud to ENABLED and create the service agents with permissions to manage user resources in this cloud.

Disabling a service

If a service has resources with access to the other user resources in this cloud, you cannot disable this service. To disable such a service, first delete all the service resources that have access to the other user resources.

To revoke the service's access to the user resources in the cloud, disable the service:

  1. In the management console, select the relevant cloud.
  2. In the left-hand panel, click and select Permissions.
  3. In the row with the service at hand, click and select Disable access.

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the cloud specified in the CLI profile. You can set a different cloud in the --cloud-id parameter.

  1. View the description of the CLI command for disabling a service:

    yc iam service-control disable --help

  2. Get a list of services you can enable or disable with information on their statuses.

  3. Run the command, specifying the ID of the service to disable:

    yc iam service-control disable <service_ID>

    Result:

    done (17s)
service_id: dspm
resource:
  id: b1gmgc24pte8********
  type: resource-manager.cloud
updated_at: "2024-03-13T09:40:40.339678Z"
status: DISABLED

Use the disable REST API method for the ServiceControl resource or the ServiceControlService/Disable gRPC API call.

As a result, the status of the service in the specified cloud will change to DISABLED, its service agents will be deleted, and the service will lose access to user resources in this cloud.

See also

Previous
Viewing the status of services
Next
Setting up workload identity federations