© 2025 Direct Cursus Technology L.L.C.

Interaction between users and Yandex Cloud resources

Written by Yandex Cloud. Updated on March 31, 2025.

All Yandex Cloud services are built on a common resource and role model. Its underlying entity is the organization, which combines different types of resources and users in a single workspace. You add and manage users at the organization level; see Organization membership for more details.

Yandex Cloud resources

When using Yandex Cloud services, you create resources: VMs, managed database and Kubernetes clusters, registries, secrets, and more. Most services store the resources they create in folders. Folders belong to clouds, and clouds belong to organizations.

In addition, organizations may have the following enabled: Yandex DataSphere, a Yandex DataLens instance, as well as Yandex Tracker, Yandex Wiki, Yandex Forms, and Yandex SpeechSense. All of them store their resources on their own, yet are able to exchange information with other services within the same organization. Organizations do not interact with each other.

In the Cloud Center interface, you can look up the clouds and services existing in your organization.

Learn more about the resource hierarchy in Yandex Cloud.

Users

Each Yandex Cloud user has an account of their own used for identification when performing operations with resources. This can be either a Yandex ID account or a federated account of an identity federation. In addition, there are service accounts: a special type of account your software can use to perform operations with Yandex Cloud resources. Learn more about accounts.

Each user belongs to at least one organization. When logging in to Yandex Cloud with your Yandex ID for the first time, you will be prompted to register your own organization. After creating an organization, you can enable and disable Yandex Cloud services, create clouds, folders, and other resources.

You can invite other members with Yandex accounts to your organization to grant them access to its services and resources. If your company already uses a different account management system (such as Active Directory or Keycloak), you can configure an identity federation. This will allow company employees to use their corporate accounts to access Yandex Cloud services. For bulk access management, users can be combined into groups.

Access management

Yandex Cloud resource access rights are managed using roles. To enable an account (subject) to perform actions on a resource (object), assign appropriate roles for the resource either to the account or the group to which it belongs. Basically, each role is a list of permitted object operations. Permissions to access Yandex Cloud resources are managed by Yandex Identity and Access Management.
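The role model described above, as an added example (not Yandex Cloud code): it resolves the operations an account may perform from the roles bound to it or to its groups, and denies everything else. All role, operation, group and resource names are constructed, and applying a parent's bindings to its child resources is an assumption of the example.

```python
from dataclasses import dataclass, field

# Constructed role catalog: each role is a list of permitted operations.
# Role and operation names are illustrative, not real Yandex Cloud identifiers.
ROLES = {
    "example.viewer": {"vm.get", "vm.list"},
    "example.operator": {"vm.get", "vm.list", "vm.start", "vm.stop"},
}

@dataclass
class Resource:
    name: str
    parent: "Resource | None" = None
    # principal (account or group id) -> role names assigned on this resource
    bindings: dict = field(default_factory=dict)

def effective_permissions(subject, groups, resource):
    """Union of operations from roles bound to the subject or its groups,
    on the resource or (assumption) on any ancestor in the hierarchy."""
    principals = {subject} | set(groups.get(subject, ()))
    perms = set()
    node = resource
    while node is not None:
        for principal in principals:
            for role in node.bindings.get(principal, ()):
                perms |= ROLES[role]
        node = node.parent
    return perms

def is_allowed(subject, groups, resource, operation):
    # Default deny: an operation is permitted only if some bound role lists it.
    return operation in effective_permissions(subject, groups, resource)

# Constructed sample hierarchy: organization -> cloud -> folders.
org = Resource("org-example")
cloud = Resource("cloud-example", parent=org)
folder_prod = Resource("folder-prod", parent=cloud)
folder_dev = Resource("folder-dev", parent=cloud)

GROUPS = {"alice": ["group:ops"], "sa-deployer": []}
cloud.bindings["group:ops"] = {"example.viewer"}          # group-level, read-only
folder_dev.bindings["alice"] = {"example.operator"}       # direct, dev only
folder_prod.bindings["sa-deployer"] = {"example.operator"}  # service account, prod only
```

Running `effective_permissions` for every account against every folder gives a quick least-privilege review: any operation that appears only because of a broad group binding high in the hierarchy is a candidate for narrowing.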

To authenticate users, Yandex Cloud services request credentials. The type of data requested depends on the account type, the service, and the request interface. When using the API, the folder ID is also required to uniquely identify the resource and verify the permissions. If actions are performed on behalf of a service account, the ID of its folder is used by default.
