Managing access to a Managed Service for ClickHouse® cluster

Written by

Yandex Cloud

Updated at February 13, 2026

Getting a list of roles assigned for a cluster
Assigning a role
Assigning multiple roles
Revoking a role
Examples
- Granting cluster management access to a service account

You can assign a user or service account a role that grants access to a specific cluster.

Thus, you can granularly assign different roles for particular clusters to different users and service accounts.

Getting a list of roles assigned for a cluster

CLI

REST API

gRPC API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To get a list of clusters in the default folder, run this command:
```
yc managed-clickhouse cluster list
```

To get a list of roles assigned for the cluster, run this command:

yc managed-clickhouse cluster list-access-bindings <cluster_name_or_ID>

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```

Call the Cluster.ListAccessBindings method, e.g., via the following cURL request:

curl \
  --request GET \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-clickhouse/v1/clusters/<cluster_ID>:listAccessBindings'

View the server response to make sure your request was successful.

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Clone the cloudapi repository:
```
cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
```
Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

Call the ClusterService.ListAccessBindings method, e.g., via the following gRPCurl request:

grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/clickhouse/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "resource_id": "<cluster_ID>"
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.clickhouse.v1.ClusterService.ListAccessBindings

Check the server response to make sure your request was successful.

Assigning a role

CLI

REST API

gRPC API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

View the description of the CLI command for assigning a role for a cluster:
```
yc managed-clickhouse cluster add-access-binding --help
```
Use this command to assign a role:
```
yc managed-clickhouse cluster add-access-binding <cluster_name_or_ID> \
  --role <role> \
  --subject <subject_type>:<subject_ID>
```
Where:
- --role: Role being assigned, e.g., managed-clickhouse.editor.
- --subject: Type and ID of the subject you are assigning the role to, in <subject_type>:<subject_ID> format.
  
  For example:
  - serviceAccount:aje6p030************
  - userAccount:aje8tj79************
  - system:allAuthenticatedUsers
  The possible subject types include:
  - userAccount: Yandex account added to Yandex Cloud or an account from a user pool.
  - serviceAccount: Service account created in Yandex Cloud.
  - federatedUser: Account of an identity federation user.
  - system: Public group of users.
    
    The possible values of a subject ID are as follows:
    - allAuthenticatedUsers: All authenticated users.
    - allUsers: Any user. No authentication is required.
    - group:organization:<organization_ID>:users: All users of the specified organization.
    - group:federation:<federation_ID>:users: All users of the specified identity federation.
  Learn more about subject types in Subject a role is assigned to.

To view a list of roles assigned for the cluster, run this command:

yc managed-clickhouse cluster list-access-bindings <cluster_name_or_ID>

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Call the Cluster.UpdateAccessBindings method, e.g., via the following cURL request:
```
curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-clickhouse/v1/clusters/<cluster_ID>:updateAccessBindings' \
  --data '{
            "access_binding_deltas": [
              {
                "action": "ADD",
                "access_binding": {
                  "role_id": "<role>",
                  "subject": {
                    "id": "<subject_ID>",
                    "type": "<subject_type>"
                  }
                }
              }
            ]
          }'
```
Where:
- access_binding_deltas.roleId: Role being assigned, e.g., managed-clickhouse.editor.
- access_binding_deltas.subject.id: ID of the subject the role is assigned to.
- access_binding_deltas.subject.type: Type of subject the role is assigned to.
  
  The possible subject types include:
  - userAccount: Yandex account added to Yandex Cloud or an account from a user pool.
  - serviceAccount: Service account created in Yandex Cloud.
  - federatedUser: Account of an identity federation user.
  - system: Public group of users.
    
    The possible values of a subject ID are as follows:
    - allAuthenticatedUsers: All authenticated users.
    - allUsers: Any user. No authentication is required.
    - group:organization:<organization_ID>:users: All users of the specified organization.
    - group:federation:<federation_ID>:users: All users of the specified identity federation.
  Learn more about subject types in Subject a role is assigned to.
Check the server response to make sure your request was successful.

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Clone the cloudapi repository:
```
cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
```
Below, we assume that the repository contents reside in the ~/cloudapi/ directory.
Call the ClusterService.UpdateAccessBindings method, e.g., via the following gRPCurl request:
```
grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/clickhouse/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "resource_id": "<cluster_ID>",
        "access_binding_deltas": [
          {
            "action": "ADD",
            "access_binding": {
              "role_id": "<role>",
              "subject": {
                "id": "<subject_ID>",
                "type": "<subject_type>"
              }
            }
          }
        ]
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.clickhouse.v1.ClusterService.UpdateAccessBindings
```
Where:
- resource_id: Cluster ID.
- access_binding_deltas.roleId: Role being assigned, e.g., managed-clickhouse.editor.
- access_binding_deltas.subject.id: ID of the subject the role is assigned to.
- access_binding_deltas.subject.type: Type of subject the role is assigned to.
  
  The possible subject types include:
  - userAccount: Yandex account added to Yandex Cloud or an account from a user pool.
  - serviceAccount: Service account created in Yandex Cloud.
  - federatedUser: Account of an identity federation user.
  - system: Public group of users.
    
    The possible values of a subject ID are as follows:
    - allAuthenticatedUsers: All authenticated users.
    - allUsers: Any user. No authentication is required.
    - group:organization:<organization_ID>:users: All users of the specified organization.
    - group:federation:<federation_ID>:users: All users of the specified identity federation.
  Learn more about subject types in Subject a role is assigned to.
Check the server response to make sure your request was successful.

Assigning multiple roles

CLI

REST API

gRPC API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

Alert

The set-access-bindings command deletes all roles assigned for the cluster and assigns new ones.

To view a list of roles assigned for the cluster, run this command:

yc managed-clickhouse cluster list-access-bindings <cluster_name_or_ID>

View the description of the CLI command for assigning roles for a cluster:
```
yc managed-clickhouse cluster set-access-bindings --help
```
To assign roles, run this command:
```
yc managed-clickhouse cluster set-access-bindings <cluster_name_or_ID> \
  --access-binding role=<role>,subject=<subject_type>:<subject_1_ID> \
  --access-binding role=<role>,subject=<subject_type>:<subject_2_ID>
```
Where --access-binding assigns a role to a subject. You can assign multiple roles at once by describing each of them in a separate --access-binding parameter.
- role: Role being assigned, e.g., managed-clickhouse.editor.
- subject: Type and ID of the subject you are assigning the role to, in <subject_type>:<subject_ID> format.
  
  For example:
  - serviceAccount:aje6p030************
  - userAccount:aje8tj79************
  - system:allAuthenticatedUsers
  The possible subject types include:
  - userAccount: Yandex account added to Yandex Cloud or an account from a user pool.
  - serviceAccount: Service account created in Yandex Cloud.
  - federatedUser: Account of an identity federation user.
  - system: Public group of users.
    
    The possible values of a subject ID are as follows:
    - allAuthenticatedUsers: All authenticated users.
    - allUsers: Any user. No authentication is required.
    - group:organization:<organization_ID>:users: All users of the specified organization.
    - group:federation:<federation_ID>:users: All users of the specified identity federation.
  Learn more about subject types in Subject a role is assigned to.

Alert

The setAccessBindings method overwrites access permissions for the resource. All roles previously assigned for this resource will be deleted.

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```

Call the Cluster.SetAccessBindings method, e.g., via the following cURL request:

curl \
  --request POST \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-clickhouse/v1/clusters/<cluster_ID>:setAccessBindings' \
  --data '{
            "accessBindings": [
              {
                "roleId": "<role>",
                "subject": {
                  "id": "<subject_1_ID>",
                  "type": "<subject_type>"
                }
              },
              {
                "roleId": "<role>",
                "subject": {
                  "id": "<subject_2_ID>",
                  "type": "<subject_type>"
                }
              },
              ...
              {
                "roleId": "<role>",
                "subject": {
                  "id": "<subject_N_ID>",
                  "type": "<subject_type>"
                }
              }
            ]
          }'

Where:

accessBindings.roleId: Role being assigned, e.g., managed-clickhouse.editor.
accessBindings.subject.id: ID of the subject the role is assigned to.
accessBindings.subject.type: Type of subject the role is assigned to.

The possible subject types include:
- userAccount: Yandex account added to Yandex Cloud or an account from a user pool.
- serviceAccount: Service account created in Yandex Cloud.
- federatedUser: Account of an identity federation user.
- system: Public group of users.
  
  The possible values of a subject ID are as follows:
  - allAuthenticatedUsers: All authenticated users.
  - allUsers: Any user. No authentication is required.
  - group:organization:<organization_ID>:users: All users of the specified organization.
  - group:federation:<federation_ID>:users: All users of the specified identity federation.
Learn more about subject types in Subject a role is assigned to.

Check the server response to make sure your request was successful.

Alert

The ClusterService.SetAccessBindings method completely overwrites access permissions for the resource. All roles previously assigned for this resource will be deleted.

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Clone the cloudapi repository:
```
cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
```
Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

Call the ClusterService.SetAccessBindings method, e.g., via the following gRPCurl request:

grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/clickhouse/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "resource_id": "<cluster_ID>",
        "accessBindings": [
          {
            "roleId": "<role>",
            "subject": {
              "id": "<subject_1_ID>",
              "type": "<subject_type>"
            }
          },
          {
            "roleId": "<role>",
            "subject": {
              "id": "<subject_2_ID>",
              "type": "<subject_type>"
            }
          },
          ...
          {
            "roleId": "<role>",
            "subject": {
              "id": "<subject_N_ID>",
              "type": "<subject_type>"
            }
          }
        ]
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.clickhouse.v1.ClusterService.SetAccessBindings

Where:

resource_id: Cluster ID.
accessBindings.roleId: Role being assigned, e.g., managed-clickhouse.editor.
accessBindings.subject.id: ID of the subject the role is assigned to.
accessBindings.subject.type: Type of subject the role is assigned to.

The possible subject types include:
- userAccount: Yandex account added to Yandex Cloud or an account from a user pool.
- serviceAccount: Service account created in Yandex Cloud.
- federatedUser: Account of an identity federation user.
- system: Public group of users.
  
  The possible values of a subject ID are as follows:
  - allAuthenticatedUsers: All authenticated users.
  - allUsers: Any user. No authentication is required.
  - group:organization:<organization_ID>:users: All users of the specified organization.
  - group:federation:<federation_ID>:users: All users of the specified identity federation.
Learn more about subject types in Subject a role is assigned to.

Check the server response to make sure your request was successful.

Revoking a role

CLI

REST API

gRPC API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

To view a list of roles assigned for the cluster, run this command:

yc managed-clickhouse cluster list-access-bindings <cluster_name_or_ID>

View the description of the CLI command for revoking a role for a cluster:
```
yc managed-clickhouse cluster remove-access-binding --help
```
To revoke a role, run this command:
```
yc managed-clickhouse cluster remove-access-binding <cluster_name_or_ID> \
  --role <role> \
  --subject <subject_type>:<subject_ID>
```
Where:
- --role: Role being revoked, e.g., managed-clickhouse.editor.
- --subject: Type and ID of the subject the role is assigned to, in <subject_type>:<subject_ID> format.
  
  For example:
  - serviceAccount:aje6p030************
  - userAccount:aje8tj79************
  - system:allAuthenticatedUsers
  The possible subject types include:
  - userAccount: Yandex account added to Yandex Cloud or an account from a user pool.
  - serviceAccount: Service account created in Yandex Cloud.
  - federatedUser: Account of an identity federation user.
  - system: Public group of users.
    
    The possible values of a subject ID are as follows:
    - allAuthenticatedUsers: All authenticated users.
    - allUsers: Any user. No authentication is required.
    - group:organization:<organization_ID>:users: All users of the specified organization.
    - group:federation:<federation_ID>:users: All users of the specified identity federation.
  Learn more about subject types in Subject a role is assigned to.

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Call the Cluster.UpdateAccessBindings method, e.g., via the following cURL request:
```
curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-clickhouse/v1/clusters/<cluster_ID>:updateAccessBindings' \
  --data '{
            "access_binding_deltas": [
              {
                "action": "REMOVE",
                "access_binding": {
                  "role_id": "<role>",
                  "subject": {
                    "id": "<subject_ID>",
                    "type": "<subject_type>"
                  }
                }
              }
            ]
          }'
```
Where:
- access_binding_deltas.roleId: Role being assigned, e.g., managed-clickhouse.editor.
- access_binding_deltas.subject.id: ID of the subject the role is assigned to.
- access_binding_deltas.subject.type: Type of subject the role is assigned to.
  
  The possible subject types include:
  - userAccount: Yandex account added to Yandex Cloud or an account from a user pool.
  - serviceAccount: Service account created in Yandex Cloud.
  - federatedUser: Account of an identity federation user.
  - system: Public group of users.
    
    The possible values of a subject ID are as follows:
    - allAuthenticatedUsers: All authenticated users.
    - allUsers: Any user. No authentication is required.
    - group:organization:<organization_ID>:users: All users of the specified organization.
    - group:federation:<federation_ID>:users: All users of the specified identity federation.
  Learn more about subject types in Subject a role is assigned to.
Check the server response to make sure your request was successful.

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Clone the cloudapi repository:
```
cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
```
Below, we assume that the repository contents reside in the ~/cloudapi/ directory.
Call the ClusterService.UpdateAccessBindings method, e.g., via the following gRPCurl request:
```
grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/clickhouse/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "resource_id": "<cluster_ID>",
        "access_binding_deltas": [
          {
            "action": "REMOVE",
            "access_binding": {
              "role_id": "<role>",
              "subject": {
                "id": "<subject_ID>",
                "type": "<subject_type>"
              }
            }
          }
        ]
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.clickhouse.v1.ClusterService.UpdateAccessBindings
```
Where:
- resource_id: Cluster ID.
- access_binding_deltas.roleId: Role being revoked, e.g., managed-clickhouse.editor.
- access_binding_deltas.subject.id: ID of the subject to revoke the role from.
- access_binding_deltas.subject.type: Subject type to revoke a role from.
  
  The possible subject types include:
  - userAccount: Yandex account added to Yandex Cloud or an account from a user pool.
  - serviceAccount: Service account created in Yandex Cloud.
  - federatedUser: Account of an identity federation user.
  - system: Public group of users.
    
    The possible values of a subject ID are as follows:
    - allAuthenticatedUsers: All authenticated users.
    - allUsers: Any user. No authentication is required.
    - group:organization:<organization_ID>:users: All users of the specified organization.
    - group:federation:<federation_ID>:users: All users of the specified identity federation.
  Learn more about subject types in Subject a role is assigned to.
Check the server response to make sure your request was successful.

Examples

Granting cluster management access to a service account

For a service account to be able to view the info of all Managed Service for ClickHouse® clusters in the folder but modify the resources in one particular cluster alone, give it the managed-clickhouse.viewer role for the folder and the managed-clickhouse.editor role for that cluster:

CLI

REST API

gRPC API

Assign the role for the folder:

yc resource-manager folder add-access-binding <folder_name_or_ID> \
  --role managed-clickhouse.viewer \
  --subject=serviceAccount:<service_account_ID>

Assign the roles for the cluster:

yc managed-clickhouse cluster add-access-bindings <cluster_name_or_ID> \
  --access-binding role=managed-clickhouse.editor,subject=serviceAccount:<service_account_ID>

Check the list of roles assigned for the cluster:

yc managed-clickhouse cluster list-access-bindings <cluster_name_or_ID>

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```

Assign the role for the folder:

curl \
  --request POST \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://resource-manager.api.cloud.yandex.net/resource-manager/v1/folders/<folder_ID>:updateAccessBindings' \
  --data '{
            "access_binding_deltas": [
              {
                "action": "ADD",
                "access_binding": {
                  "role_id": "managed-clickhouse.viewer",
                  "subject": {
                    "id": "<service_account_ID>",
                    "type": "serviceAccount"
                  }
                }
              }
            ]
          }'

access_binding_deltas.subject.id: ID of the service account the role is assigned to.

Call the Cluster.UpdateAccessBindings method, e.g., via the following cURL request:

curl \
  --request PATCH \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-clickhouse/v1/clusters/<cluster_ID>:updateAccessBindings' \
  --data '{
            "access_binding_deltas": [
              {
                "action": "ADD",
                "access_binding": {
                  "role_id": "managed-clickhouse.editor",
                  "subject": {
                    "id": "<service_account_ID>",
                    "type": "serviceAccount"
                  }
                }
              }
            ]
          }'

access_binding_deltas.subject.id: ID of the service account the role is assigned to.

Check the list of roles assigned for the folder:

curl \
  --request GET \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://resource-manager.api.cloud.yandex.net/resource-manager/v1/folders/<folder_ID>:updateAccessBindings'

Check the list of roles assigned for the cluster:

curl \
  --request GET \
  --header "Authorization: Bearer $IAM_TOKEN" \
  --header "Content-Type: application/json" \
  --url 'https://mdb.api.cloud.yandex.net/managed-clickhouse/v1/clusters/<cluster_ID>:listAccessBindings'

Get an IAM token for API authentication and place it in an environment variable:
```
export IAM_TOKEN="<IAM_token>"
```
Clone the cloudapi repository:
```
cd ~/ && git clone --depth=1 https://github.com/yandex-cloud/cloudapi
```
Below, we assume that the repository contents reside in the ~/cloudapi/ directory.

Assign the role for the folder:

grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/resourcemanager/v1/folder_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "resource_id": "<cluster_ID>",
        "access_binding_deltas": [
          {
            "action": "ADD",
            "access_binding": {
              "role_id": "managed-clickhouse.viewer",
              "subject": {
                "id": "<service_account_ID>",
                "type": "serviceAccount"
              }
            }
          }
        ]
      }' \
  resource-manager.api.cloud.yandex.net:443 \
  yandex.cloud.resourcemanager.v1.FolderService.UpdateAccessBindings

access_binding_deltas.subject.id: ID of the service account the role is assigned to.

Assign the role for the cluster:

grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/clickhouse/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "resource_id": "<cluster_ID>",
        "access_binding_deltas": [
          {
            "action": "ADD",
            "access_binding": {
              "role_id": "managed-clickhouse.editor",
              "subject": {
                "id": "<service_account_ID>",
                "type": "serviceAccount"
              }
            }
          }
        ]
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.clickhouse.v1.ClusterService.UpdateAccessBindings

access_binding_deltas.subject.id: ID of the service account the role is assigned to.

Check the list of roles assigned for the folder:

grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/resourcemanager/v1/folder_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "resource_id": "<folder_ID>"
      }' \
  resource-manager.api.cloud.yandex.net:443 \
  yandex.cloud.resourcemanager.v1.FolderService.ListAccessBindings

Check the list of roles assigned for the cluster:

grpcurl \
  -format json \
  -import-path ~/cloudapi/ \
  -import-path ~/cloudapi/third_party/googleapis/ \
  -proto ~/cloudapi/yandex/cloud/mdb/clickhouse/v1/cluster_service.proto \
  -rpc-header "Authorization: Bearer $IAM_TOKEN" \
  -d '{
        "resource_id": "<cluster_ID>"
      }' \
  mdb.api.cloud.yandex.net:443 \
  yandex.cloud.mdb.clickhouse.v1.ClusterService.ListAccessBindings

Managing access to a Managed Service for ClickHouse® cluster

Getting a list of roles assigned for a clusterGetting a list of roles assigned for a cluster

Assigning a roleAssigning a role

Assigning multiple rolesAssigning multiple roles

Revoking a roleRevoking a role

ExamplesExamples

Granting cluster management access to a service accountGranting cluster management access to a service account

Was the article helpful?

Getting a list of roles assigned for a cluster

Assigning a role

Assigning multiple roles

Revoking a role

Examples

Granting cluster management access to a service account