Blocking users from viewing information about organization members
By default, all Identity Hub users can view information about all other users in the same organization. You can restrict this access by reserving it for individual users only. User visibility restriction will only apply within Yandex Cloud and will not affect external services.
Before you block access to the information about organization members, make sure to grant this access to the appropriate users.
Roles allowing users to view information about organization members:
- auditor
- viewer
- editor
- admin
- organization-manager.users.viewer
- organization-manager.groups.memberAdmin
- organization-manager.federations.userAdmin
- organization-manager.viewer
- organization-manager.admin
- organization-manager.organizations.owner
Alert
When assigning user roles, for security reasons, apply the least privilege principle, i.e., assign roles with minimal permissions to perform only the required tasks.
To block users from viewing information about other organization members:
- Log in to Yandex Identity Hub using an administrator or organization owner account. Switch to an organization or federation of your choice as needed.
- At the top of the screen, navigate to the Identity Hub tab.
- In the left-hand panel, select Security settings.
- Under Confidentiality, enable Block users from viewing the list of organization members and their details.
Disable this option to allow users to view information about other organization members.
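A pre-flight check for the requirement above that the appropriate users hold one of the listed roles before the block is enabled. This is an added example, not Yandex Cloud code: the binding field names (`role_id`, `subject.id`, `subject.type`), the subject IDs and the `preflight` helper are assumptions, and the sample bindings are constructed.

```python
import json

# Roles the page lists as allowing a user to view organization member details.
VISIBILITY_ROLES = {
    "auditor", "viewer", "editor", "admin",
    "organization-manager.users.viewer",
    "organization-manager.groups.memberAdmin",
    "organization-manager.federations.userAdmin",
    "organization-manager.viewer",
    "organization-manager.admin",
    "organization-manager.organizations.owner",
}

# Constructed sample of organization-level access bindings. The field names
# (role_id, subject.id, subject.type) are an assumed export shape.
SAMPLE_BINDINGS = json.loads("""
[
  {"role_id": "organization-manager.organizations.owner",
   "subject": {"id": "user-owner", "type": "userAccount"}},
  {"role_id": "organization-manager.users.viewer",
   "subject": {"id": "user-helpdesk", "type": "userAccount"}},
  {"role_id": "admin",
   "subject": {"id": "user-helpdesk", "type": "userAccount"}},
  {"role_id": "example.role.not-listed",
   "subject": {"id": "user-dev", "type": "userAccount"}}
]
""")

def visibility_holders(bindings):
    """Map each subject id to the listed roles it holds directly."""
    holders = {}
    for binding in bindings:
        role = binding.get("role_id")
        subject = (binding.get("subject") or {}).get("id")
        if subject and role in VISIBILITY_ROLES:
            holders.setdefault(subject, set()).add(role)
    return {s: sorted(roles) for s, roles in holders.items()}

def preflight(bindings, must_keep_access):
    """Report which required subjects would lose visibility once blocked."""
    holders = visibility_holders(bindings)
    # Only direct bindings are checked; roles a subject receives indirectly
    # are not resolved here.
    missing = sorted(set(must_keep_access) - set(holders))
    return {"holders": holders, "missing": missing, "safe_to_block": not missing}

if __name__ == "__main__":
    print(preflight(SAMPLE_BINDINGS, ["user-owner", "user-helpdesk", "user-dev"]))
```

The `holders` map also shows where a subject has more than one of the listed roles, which is a useful starting point for the least-privilege review the alert above calls for.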