Service roles for managing connections using Yandex Connection Manager
With Yandex Connection Manager service roles, you can view non-secret connection data and manage connections. You can view secret connection data, such as DB passwords, in Yandex Lockbox. To do this, you will also need the lockbox.payloadViewer role.
connection-manager.auditor
The connection-manager.auditor role allows you to view public details on connections and access permissions assigned to them. If you have this role assigned for a cloud, it will also enable viewing Connection Manager quotas.
connection-manager.viewer
The connection-manager.viewer role enables viewing info on connections and access permissions assigned to them, as well as on the Connection Manager quotas.
This role includes the connection-manager.auditor permissions.
connection-manager.editor
The connection-manager.editor role allows you to manage connections and view their details.
Users with this role can:
- Create, use, edit, and delete connections.
- View connection details and info on connection access permissions.
- View info on Connection Manager quotas.
This role includes the connection-manager.viewer permissions.
connection-manager.admin
The connection-manager.admin role allows you to manage connections and access to those, as well as view connection details.
Users with this role can:
- Create, use, edit, and delete connections, as well as manage access to them.
- View connection details and info on connection access permissions.
- View info on Connection Manager quotas.
This role includes the connection-manager.editor permissions.
connection-manager.user
The connection-manager.user role enables using connections in the resources of other cloud services integrated with Connection Manager, e.g., in Data Transfer, DataLens, WebSQL, etc.
Roles required
The table below lists the roles required to perform a particular action. You can always assign a role offering more permissions than the one specified. For example, you can assign editor instead of viewer.
| Action | Required roles |
|---|---|
| Getting information about connections | connection-manager.viewer |
| Getting a list of connections | connection-manager.viewer |
| Creating a connection | connection-manager.editor |
| Editing a connection | connection-manager.editor |
| Deleting a connection | connection-manager.editor |
| Setting connection access permissions | connection-manager.admin |
| Changing connection access permissions | connection-manager.admin |