Assigning a user as organization administrator
- Log in to Yandex Identity Hub using an administrator or organization owner account.
- In the left-hand panel, select Access bindings.
- At the top right, click Assign bindings.
- Select the user you want to assign as an administrator. If required, use the search bar.
- Click Add role and select one of the roles:
  - organization-manager.admin
  - organization-manager.organizations.owner
- Click Save.
If you do not have the Yandex Cloud CLI installed yet, install and initialize it.
- Assign the role using this command:
  yc organization-manager organization add-access-binding <organization_name_or_ID> \
    --role <role_ID> \
    --subject userAccount:<user_ID>
  Where:
  - --role: Role ID. Specify either the organization-manager.admin or organization-manager.organizations.owner role.
  - --subject: User ID.
  For example, this command assigns the administrator role for the organization with the bpf3crucp1v2******** ID:
  yc organization-manager organization add-access-binding bpf3crucp1v2******** \
    --role organization-manager.admin \
    --subject userAccount:aje6o61dvog2********
If you do not have Terraform yet, install it and configure its Yandex Cloud provider.
- Describe the parameters of the roles you assign in the configuration file:
  resource "yandex_organizationmanager_organization_iam_binding" "org_admin_role" {
    organization_id = "<organization_ID>"
    role            = "<role_ID>"
    members = [
      "userAccount:<user_ID>",
    ]
  }
  Where:
  - organization_id: Organization ID.
  - role: Specify either the organization-manager.admin or organization-manager.organizations.owner role. For each role, you can only use one yandex_organizationmanager_organization_iam_binding resource.
  - userAccount:<user_ID>: ID of the user's Yandex account.
  To learn more about the resources you can create with Terraform, see the Terraform documentation.
- Create the resources:
  - In the terminal, go to the directory where you edited the configuration file.
  - Make sure the configuration file is correct using this command:
    terraform validate
    If the configuration is correct, you will get this message:
    Success! The configuration is valid.
  - Run this command:
    terraform plan
    You will see a detailed list of resources. No changes will be made at this step. Terraform will show any errors found in your configuration.
  - Apply the changes:
    terraform apply
  - Type yes and press Enter to confirm the changes.
The user will thus be assigned the organization administrator role. You can check the new role in the management console.
Use the REST API method updateAccessBindings for the Organization resource or the gRPC API call OrganizationService/UpdateAccessBindings and provide the following in the request:
- organization-manager.admin or organization-manager.organizations.owner role ID in the roleId parameter for the REST API or role_id for the gRPC API.
- User ID and type in the subject section.
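The request body described above, as an added example that is not part of the original page: it builds the updateAccessBindings payload only when the user does not already hold the role, and reports which other subjects already hold an administrator-level role so the privileged set can be reviewed before it grows. The field names accessBindingDeltas, action and accessBinding, and the accessBindings list in the listAccessBindings response, come from the Yandex Cloud API and are not shown on this page; the function names and all sample IDs are constructed for illustration.

```python
import json

# The two roles this page treats as organization-administrator level.
PRIVILEGED_ROLES = {
    "organization-manager.admin",
    "organization-manager.organizations.owner",
}

def binding_key(binding):
    """Reduce a binding to a hashable (roleId, subject type, subject ID) tuple."""
    subject = binding["subject"]
    return (binding["roleId"], subject["type"], subject["id"])

def plan_admin_grant(current_bindings, role_id, user_id):
    """Return (request_body, other_privileged) for an updateAccessBindings call.

    request_body is None when the user already holds the role, so a re-run
    sends nothing. other_privileged lists every other subject that already
    holds an administrator-level role, for review before that set grows.
    """
    if role_id not in PRIVILEGED_ROLES:
        raise ValueError(f"not an organization administrator role: {role_id!r}")
    if not user_id or ":" in user_id:
        raise ValueError("pass the bare user ID, without the 'userAccount:' prefix")
    wanted = {"roleId": role_id, "subject": {"id": user_id, "type": "userAccount"}}
    existing = {binding_key(b) for b in current_bindings}
    other_privileged = sorted(
        k for k in existing if k[0] in PRIVILEGED_ROLES and k[2] != user_id)
    if binding_key(wanted) in existing:
        return None, other_privileged
    body = {"accessBindingDeltas": [{"action": "ADD", "accessBinding": wanted}]}
    return body, other_privileged

# Constructed sample of a listAccessBindings response; all IDs are placeholders.
SAMPLE = json.loads("""
{"accessBindings": [
  {"roleId": "organization-manager.organizations.owner",
   "subject": {"id": "user-owner-0001", "type": "userAccount"}},
  {"roleId": "organization-manager.viewer",
   "subject": {"id": "user-view-0002", "type": "userAccount"}}
]}
""")

if __name__ == "__main__":
    body, others = plan_admin_grant(
        SAMPLE["accessBindings"], "organization-manager.admin", "user-new-0003")
    print(json.dumps(body, indent=2))
    print("already privileged:", others)
```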