If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

1. Assign the role to the group:

   yc organization-manager organization add-access-binding \
     --subject group:<group_ID> \
     --role <role_ID> \
     --organization-users <organization_ID> \
     --federation-users <federation_ID>
   

   To assign a role to one of the system groups, instead of the --subject parameter, use --organization-users <organization_ID> or --federation-users <federation_ID>. In the parameter, provide the ID of the organization or identity federation, respectively, to all the users you want to assign the role to.

   You can also assign a role to a system group using the --subject parameter. To do this, provide in it the subject ID matching the selected system group.

2. Make sure the requested permissions are granted:

   yc organization-manager organization list-access-bindings <organization_ID>
   

   A response contains a list of all roles assigned to users and groups in the organization:

   +------------------------------------------+--------------+----------------------+
   |                 ROLE ID                  | SUBJECT TYPE |      SUBJECT ID      |
   +------------------------------------------+--------------+----------------------+
   | organization-manager.admin               | userAccount  | ajev1p2345lj******** |
   | organization-manager.organizations.owner | userAccount  | ajev1p2345lj******** |
   | editor                                   | group        | ajev1p2345lj******** |
   | viewer                                   | group        | ajev1p2345lj******** |
   +------------------------------------------+--------------+----------------------+
   

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

1. Add the resource parameters to the configuration file and specify the required role and group:

   resource "yandex_organizationmanager_organization_iam_member" "users-editors" {
     organization_id = "<organization_ID>"
     role            = "<role_ID>"
     member          = "group:<group_ID>"
   }
   

   Where:

   • organization_id: Organization ID. This is a required parameter.

   • role: Role to assign. This is a required parameter.

   • member: Group the role is assigned to. Use this format: group:<group_ID>. This is a required parameter.

     To assign a role to one of the system groups, specify the following in the member parameter:

     • system:group:organization:<organization_ID>:users: To assign a role to the All users in organization X system group.
     • system:group:federation:<federation_ID>:users: To assign a role to the All users in federation N system group.

   For more information about the yandex_organizationmanager_organization_iam_member resource parameters, see this Terraform article.

2. Create the resources:

   1. In the terminal, go to the directory where you edited the configuration file.

   2. Make sure the configuration file is correct using this command:

      terraform validate
      

      If the configuration is correct, you will get this message:

      Success! The configuration is valid.
      

   3. Run this command:

      terraform plan
      

      You will see a detailed list of resources. No changes will be made at this step. If the configuration contains any errors, Terraform will show them.

   4. Apply the changes:

      terraform apply
      

   5. Type yes and press Enter to confirm the changes.

   This will create all the resources you need in the specified folder. You can check the new resource using the management console or this CLI command:

   yc resource-manager folder list-access-bindings <folder_name_or_ID>