Questions and answers about Identity and Access Management

General questionsGeneral questions

What is the service used for Yandex Identity and Access Management?What is the service used for Yandex Identity and Access Management?

The IAM service controls access to resources and lets you configure access rights. You determine who should have rights for a certain resource and what these rights are, while IAM grants access according to the assigned rights.

IAM allows you to:

• Invite new users to the cloud and delete them from it.
• Manage access rights to resources by assigning and revoking roles.
• Create service accounts. This is a special account used for managing Yandex Cloud resources via the API.
• Get an IAM token that is required for authorization via the API.

Other Yandex Cloud services use the IAM API to give you more control over access to their resources. For example, Yandex Compute Cloud grants an additional compute.images.user role to control access to disk images.

How do I get started with IAM?How do I get started with IAM?

To start working with IAM, you need to register with Yandex Cloud. After registration, you will be able to use the IAM features.

See Getting started with IAM to learn how to add a new user to your cloud and assign them a role.

How much does it cost to use the service IAM?How much does it cost to use the service IAM?

The IAM service can be used free of charge.

Can I get logs of my operations in Yandex Cloud?Can I get logs of my operations in Yandex Cloud?

Yes, you can request information about operations with your resources from Yandex Cloud logs. Do it by contacting support.

Logging in and accessing resourcesLogging in and accessing resources

How do I log in to the management console?How do I log in to the management console?

Go to the management console page.

If not logged in to your Yandex or Yandex 360 account yet, click Log in. If you do not have an account yet, click Register. For more information, see (https://yandex.com/support/passport/auth.html).

How are access permissions verified?How are access permissions verified?

Before performing an operation with a resource, such as creating a VM, IAM checks whether the user has all the required permissions. If the user doesn't have any of the permissions, the operation isn't performed and Yandex Cloud returns an error. For more information, see How access management works in Yandex Cloud.

What is a resource?What is a resource?

A resource is a Yandex Cloud entity that you can perform operations with, such as creating, updating, viewing, or deleting it. Examples of resources: VMs, disks, service accounts, clouds, and folders. For more information, see the Yandex Cloud resource hierarchy section of the Resource Manager documentation.