Service roles for managing connections using Yandex Connection Manager
With Yandex Connection Manager service roles, you can view non-secret connection data and manage connections. You can view secret connection data, such as DB passwords, in Yandex Lockbox. To do this, you will also need the lockbox.payloadViewer
role.
connection-manager.auditor
The connection-manager.auditor
role allows you to view public details on connections and access permissions assigned to them. If you have this role assigned for a cloud, it will also enable viewing Connection Manager quotas.
connection-manager.viewer
The connection-manager.viewer
role enables viewing info on connections and access permissions assigned to them, as well as on the Connection Manager quotas.
This role also includes the connection-manager.auditor
permissions.
connection-manager.editor
The connection-manager.editor
role allows you to manage connections and view their details.
Users with this role can:
- Create, use, edit, and delete connections.
- View connection details and info on connection access permissions.
- View info on Connection Manager quotas.
This role also includes the connection-manager.viewer
permissions.
connection-manager.admin
The connection-manager.admin
role allows you to manage connections and access to those, as well as view connection details.
Users with this role can:
- Create, use, edit, and delete connections, as well as manage access to them.
- View connection details and info on connection access permissions.
- View info on Connection Manager quotas.
This role also includes the connection-manager.editor
permissions.
connection-manager.user
The connection-manager.user
role enables using connections in the resources of other cloud services integrated with Connection Manager, e.g., in Data Transfer, DataLens, WebSQL, etc.
Roles required
The table below lists the roles required to perform a particular action. You can always assign a role offering more permissions than the one specified. For example, you can assign editor
instead of viewer
.
Action | Required roles |
---|---|
Getting information about connections | connection-manager.viewer |
Getting a list of connections | connection-manager.viewer |
Creating a connection | connection-manager.editor |
Editing a connection | connection-manager.editor |
Deleting a connection | connection-manager.editor |
Setting connection access permissions | connection-manager.admin |
Changing connection access permissions | connection-manager.admin |