Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Yandex Identity and Access Management release notes

Written by
Updated at January 29, 2026

Labels next to update description indicate the interface supporting the update: management console, CLI, API, or Terraform.

December 2025

  • Added the yc iam access-key issue-ephemeral command for issuing ephemeral keys. CLI

  • Added support for the yandex_iam_oauth_client_secret resource to manage OAuth client secrets. Terraform

  • Added the labels field to the yandex_iam_service_account resource to work with labels. Terraform

  • For the yandex_iam_oauth_client resource, changed the scopes and redirect_uris fields to the set type to prevent comparison collisions. Terraform

  • Added the following roles:

    Yandex Cloud Backup
    User role Description
    backup.user Enables connecting backup providers, connecting VMs and Yandex BareMetal servers to Cloud Backup, associating and disassociating backup policies with VMs and Yandex BareMetal servers, and viewing Cloud Backup resource and quota details.
    Yandex Managed Service for MySQL®
    User role Description
    managed-mysql.clusters.connector Enables Yandex Cloud users to connect to databases in Yandex Managed Service for MySQL® clusters via Yandex Identity and Access Management.
    Yandex Managed Service for PostgreSQL
    User role Description
    managed-postgresql.clusters.connector Enables Yandex Cloud users to connect to databases in Yandex Managed Service for PostgreSQL clusters via Yandex Identity and Access Management.
    Yandex Monium
    User role Description
    monium.admin Enables managing Monium resources, viewing and writing all types of telemetry data, and managing projects and access to projects.
    monium.editor Enables managing Monium resources, viewing and writing all types of telemetry data.
    monium.viewer Enables viewing details on Monium resources and reading all types of telemetry data.
    monium.auditor Enables viewing details on Monium resources.
    monium.alerts.editor Enables viewing the list of alerts, their settings, and trigger history, as well as creating, modifying, and deleting alerts.
    monium.alerts.viewer Enables viewing the list of alerts, their settings, and trigger history.
    monium.channels.editor Enables viewing the list of alert notification channels and their details, as well as creating, modifying, and deleting such channels.
    monium.channels.viewer Enables viewing the list of alert notification channels and their details.
    monium.contextLinks.editor Enables viewing configured context links on dashboard charts, as well as creating, editing, and deleting such links.
    monium.contextLinks.viewer Enables viewing configured context links on dashboard charts.
    monium.dashboards.editor Enables viewing dashboards and their widgets, as well as creating, editing, and deleting dashboards.
    monium.dashboards.viewer Enables viewing dashboards and their widgets.
    monium.escalationPolicies.editor Enables viewing the list of alert escalation policies and their settings, as well as creating, updating, and deleting such policies.
    monium.escalationPolicies.viewer Enables viewing the list of alert escalation policies and their settings.
    monium.escalations.editor Enables viewing details on alert notifications and escalations, as well as creating, editing, and deleting escalations.
    monium.escalations.viewer Enables viewing details on alert notifications and escalations.
    monium.logErrorLabels.editor Enables viewing, editing, and deleting the existing labels as well as adding new ones to errors in logs.
    monium.logErrorLabels.viewer Enables viewing labels for log errors.
    monium.logs.reader Enables reading logs and viewing log error statistics.
    monium.logs.writer Enables writing logs.
    monium.metrics.reader Enables reading metrics, their values, and labels.
    monium.metrics.writer Enables writing metrics.
    monium.mutes.editor Enables viewing, creating, editing, and deleting mutes, i.e., rules for temporarily disabling alert notifications.
    monium.mutes.viewer Enables viewing mutes, i.e., rules for temporarily disabling alert notifications.
    monium.quickLinks.editor Enables viewing the list of configured quick links and their details in the project menu, as well as creating, editing, and deleting such links.
    monium.quickLinks.viewer Enables viewing the list of configured quick links and their details in the project menu.
    monium.serviceLevelObjectives.editor Enables viewing configured service level objectives (SLOs), as well as creating, editing, and deleting them.
    monium.serviceLevelObjectives.viewer Enables viewing configured service level objectives (SLOs).
    monium.shards.editor Enables viewing details on shards, clusters, services and their quotas, as well as creating, updating, and deleting shards.
    monium.shards.viewer Enables viewing details on shards, clusters, services and their quotas.
    monium.telemetry.reader Enables reading all types of Monium telemetry data, such as metrics, logs, and distributed tracing data.
    monium.telemetry.writer Enables writing all types of Monium telemetry data, such as metrics, logs, and distributed tracing data.
    monium.traces.reader Enables viewing distributed tracing data.
    monium.traces.writer Enables writing distributed tracing data.
    Yandex MPP Analytics for PostgreSQL
    User role Description
    managed-greenplum.clusters.connector Enables Yandex Cloud users to connect to databases in Yandex MPP Analytics for PostgreSQL clusters via Yandex Identity and Access Management.
    Yandex Security Deck
    User role Description
    security-deck.alertSinks.admin Enables managing alert sinks and alerts, as well as access to them.
    security-deck.alertSinks.editor Enables managing alert sinks, alerts, and comments in them.
    security-deck.alertSinks.user Enables viewing details on alert sinks and using them.
    security-deck.alertSinks.viewer Enables viewing details on alerts and alert sinks as well as on access permissions granted for them.
    security-deck.alertSinks.auditor Enables viewing details on alert sinks and access permissions granted for them.

November 2025

  • Added the ability to view a list of subject’s accesses using the CLI and API. Management console CLI API

  • Added the following roles:

    Yandex Cloud Interconnect
    User role Description
    cic.admin Enables managing Cloud Interconnect resources.
    Yandex Cloud Router
    User role Description
    cloud-router.admin Enables managing Cloud Router resources.
    cloud-router.prefixEditor Enables managing IP prefixes of cloud subnets in routing instances, as well as viewing info on Cloud Router resources.
    Yandex Identity Hub
    User role Description
    organization-manager.idpInstances.billingAdmin Enables managing your subscription to the paid Identity Hub features.
    organization-manager.idpInstances.billingViewer Enables viewing the list of users who employ the Identity Hub authentication quota in the current reporting period, as well as viewing info on a subscription to the paid-for Identity Hub features and stats regarding the use of the quotas within this subscription.

October 2025

  • Supported managing service access to user resources via the management console. Management console

  • Added the following roles:

    Managed databases
    User role Description
    mdb.restorer Enables restoring managed database clusters from backups and grants read access to such clusters and their logs.
    Yandex Identity Hub
    User role Description
    organization-manager.groups.externalConverter Enables adding an attribute with an external group ID to Identity Hub user groups when synchronizing with user groups in Active Directory or another external source.
    organization-manager.groups.externalCreator Enables creating Identity Hub user groups when synchronizing with user groups in Active Directory or another external source.
    organization-manager.userpools.syncAgent Enables synchronizing Identity Hub users and groups with users and groups in Active Directory or another external source.
    Yandex Managed Service for Apache Kafka®
    User role Description
    managed-kafka.restorer Enables restoring Apache Kafka® clusters from backups, viewing information about such clusters and their logs, as well as information about Managed Service for Apache Kafka® quotas and resource operations.
    Yandex Managed Service for ClickHouse®
    User role Description
    managed-clickhouse.restorer Enables restoring ClickHouse® clusters from backups, viewing information about ClickHouse® clusters and their logs, as well as information about Managed Service for ClickHouse® quotas and resource operations.
    Yandex Managed Service for MySQL®
    User role Description
    managed-mysql.restorer Enables restoring MySQL® clusters from backups, viewing information about MySQL® clusters, hosts, databases, and users, cluster logs, as well as information about Managed Service for MySQL® quotas and resource operations.
    Yandex Managed Service for OpenSearch
    User role Description
    managed-opensearch.restorer Enables restoring OpenSearch clusters from backups, viewing information about OpenSearch clusters and their logs, as well as information about Managed Service for OpenSearch quotas and resource operations.
    Yandex Managed Service for PostgreSQL
    User role Description
    managed-postgresql.restorer Enables restoring PostgreSQL clusters from backups, viewing information about PostgreSQL clusters, hosts, databases, and users, cluster logs, as well as information about Managed Service for PostgreSQL quotas and resource operations.
    Yandex Managed Service for Sharded PostgreSQL
    User role Description
    managed-spqr.restorer Enables restoring Sharded PostgreSQL clusters from backups, viewing information about Sharded PostgreSQL clusters, hosts, databases, and users, cluster logs, as well as information about Managed Service for Sharded PostgreSQL quotas and resource operations.
    Yandex Managed Service for Valkey™
    User role Description
    managed-redis.restorer Enables restoring Valkey™ clusters from backups, viewing information about Valkey™ hosts and clusters, their logs, as well as information about Yandex Managed Service for Valkey™ quotas and resource operations.
    Yandex MPP Analytics for PostgreSQL
    User role Description
    managed-greenplum.restorer Enables restoring Greenplum® clusters from backups, viewing information about Greenplum® clusters and hosts, their logs, as well as information about Yandex MPP Analytics for PostgreSQL quotas and resource operations.
    Yandex StoreDoc
    User role Description
    managed-mongodb.restorer Enables restoring MongoDB clusters from backups, viewing information about MongoDB clusters, hosts, shards, databases, and users, cluster logs, as well as information about Yandex StoreDoc quotas and resource operations.

Q3 2025

  • Implemented management of OAuth client secrets using the CLI and API. CLI API
  • Added a group of commands for OAuth client management to the CLI and API. CLI API

Q2 2025

Q1 2025

  • Added new scopes for API keys and the ability to assign more than one scope per service. Management console CLI Terraform API
  • Workload identity federations are now available to all users. Management console CLI Terraform API
  • Added creating an ID token for service account, a special short-lived token for authentication in third-party systems. Management console CLI Terraform API

Q4 2024

Q3 2024

Q2 2024

  • Added the last used date info for service account access keys. You can find this info on the service account page in the management console or in the last_used_at field when using the API to invoke access key management methods. Management console API

Q1 2024

  • Added the Security Token Service component to get temporary access keys compatible with AWS S3 API. This feature is at the Preview stage. CLI API
  • Added OAuth client authentication support by authenticating a service account token.
  • Added the option of using masked token ID for Audit Trails logs.
  • Improved the key rotation mechanism in OpenID Connect.
Previous
Audit Trails events
Next
General questions