User groups
For organizations with a lot of employees, multiple users may need to be granted the same access rights to Yandex Cloud resources. In this case, it is more convenient to grant roles and permissions to a group rather than individually. You can set up a group member's access to clouds, folders, service accounts, and organizations in Yandex Cloud.
Other users will be able to manage the group if you grant them the relevant roles, e.g., organization-manager.groups.memberAdmin to view data and add group members.
In addition to groups created by the administrator, Yandex Cloud also has system groups (All users in organization X and All users in federation N) and public groups (All authenticated users and All users).
Groups may only have a one-level structure. You cannot create nested groups. Membership in a group provides all of its members with equal rights.
If you use user groups in your identity provider (IdP) when working with federations, you can map groups between the IdP and Cloud Organization.