Service roles for managing connections using Yandex Connection Manager
With Yandex Connection Manager service roles, you can view non-secret connection data and manage connections. You can view secret connection data, such as DB passwords, in Yandex Lockbox. To do this, you will also need the lockbox.payloadViewer
role.
connection-manager.auditor
The connection-manager.auditor
role allows you to view public details on connections and access permissions assigned to them. If you have this role assigned for a cloud, it will also enable viewing Connection Manager quotas.
connection-manager.viewer
The connection-manager.viewer
role enables viewing info on connections and access permissions assigned to them, as well as on the Connection Manager quotas.
This role also includes the connection-manager.auditor
permissions.
connection-manager.editor
The connection-manager.editor
role allows you to manage connections and view their details.
Users with this role can:
- Create, use, edit, and delete connections.
- View connection details and info on connection access permissions.
- View info on Connection Manager quotas.
This role also includes the connection-manager.viewer
permissions.
connection-manager.admin
The connection-manager.admin
role allows you to manage connections and access to those, as well as view connection details.
Users with this role can:
- Create, use, edit, and delete connections, as well as manage access to them.
- View connection details and info on connection access permissions.
- View info on Connection Manager quotas.
This role also includes the connection-manager.editor
permissions.
connection-manager.user
The connection-manager.user
role enables using connections in the resources of other cloud services integrated with Connection Manager, e.g., in Data Transfer, DataLens, WebSQL, etc.
What roles do I need
The table below lists the roles required to perform a particular action. You can always assign a role offering more permissions than the one specified. For example, you can assign the editor
role instead of viewer
.
Action | Required roles |
---|---|
Getting information about connections | connection-manager.viewer |
Getting a list of connections | connection-manager.viewer |
Creating a connection | connection-manager.editor |
Editing a connection | connection-manager.editor |
Deleting a connection | connection-manager.editor |
Setting connection access permissions | connection-manager.admin |
Changing connection access permissions | connection-manager.admin |