Contact UsGet started
© 2024 Iron Hive LLC Belgrade

Enabling and disabling a service

Written by
Updated at November 18, 2024

Note

This feature is in the Preview stage.

In Yandex Identity and Access Management, you can enable and disable service access to user resources in a specific cloud.

Service access to resources can be managed by users with the admin or owner roles for the cloud.

Enabling a service

To grant access to user cloud resources to a service, you need enable the service:

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The cloud specified in the CLI profile is used by default. You can specify a different cloud in the --cloud-id parameter.

  1. View the description of the CLI command for enabling a service:

    yc iam service-control enable --help

  2. Get a list of services you can enable or disable with information on their statuses.

  3. Run the command, specifying the ID of the service to enable:

    yc iam service-control enable <service_ID>

    Result:

    done (31s)
service_id: dspm
resource:
  id: b1gmgc24pte8********
  type: resource-manager.cloud
updated_at: "2024-03-12T13:21:12.331340Z"
status: ENABLED

Use the enable REST API method for the ServiceControl resource or the ServiceControlService/Enable gRPC API call.

This will change the service status in the specified cloud to ENABLED and create the service agents with permissions to manage user resources in this cloud.

Disabling a service

If a service has resources with access to the other user resources in this cloud, you cannot disable this service. To disable such a service, first delete all the service resources that have access to the other user resources.

To revoke the service's access to the user resources in the cloud, disable the service:

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The cloud specified in the CLI profile is used by default. You can specify a different cloud in the --cloud-id parameter.

  1. View the description of the CLI command for disabling a service:

    yc iam service-control disable --help

  2. Get a list of services you can enable or disable with information on their statuses.

  3. Run the command, specifying the ID of the service to disable:

    yc iam service-control disable <service_ID>

    Result:

    done (17s)
service_id: dspm
resource:
  id: b1gmgc24pte8********
  type: resource-manager.cloud
updated_at: "2024-03-13T09:40:40.339678Z"
status: DISABLED

Use the disable REST API method for the ServiceControl resource or the ServiceControlService/Disable gRPC API call.

As a result, the status of the service in the specified cloud will change to DISABLED, its service agents will be deleted, and the service will lose access to user resources in this cloud.

See also

Previous
Viewing the status of services
Next
All tutorials