Access management
Roles this service has
Service roles
billing.accounts.owner
When creating your billing account, you get the billing.accounts.owner role automatically. Any user with the billing.accounts.owner role can revoke this role from the billing account creator and change the owner.
In Yandex Cloud Billing, users with this role can:
- Display billing accounts in the list of all accounts.
- View billing account data.
- View client offers.
- View info on the access permissions granted for the relevant billing accounts and modify such permissions.
- Activate, deactivate, or modify the technical support service plan, as well as change the billing account from which the payment is debited.
- View and download reporting (or closing) documents.
- Generate new reconciliation reports.
- View and download generated reconciliation reports.
- Get and view notifications on consumption.
- Monitor expenses.
- View usage details.
- Export details.
- Create budgets.
- Reserve resource usage.
- Top up their personal account using a bank account.
- Top up their personal account using a credit or debit card.
- Link clouds to a billing account.
- Rename billing accounts.
- Change payer contact details.
- Change payment details.
- Change their credit or debit card details.
- Change the payment method.
- Redeem promo codes.
- Activate the trial period.
- Activate the paid version.
- Delete billing accounts.
On the Yandex Cloud partner portal, users with this role can:
- Create customer records (subaccounts).
- View the list of subaccounts and info on them, including personal data.
- Update subaccount records.
- Activate subaccounts.
- Suspend subaccounts.
- Re-activate subaccounts.
- Delete subaccounts without customer confirmation.
- Link clouds to subaccounts.
- Manage access permissions to subaccounts.
- View the details of how the customers use services.
- View the list of partner discounts and info on them.
This role includes the billing.accounts.admin and billing.accounts.varWithoutDiscounts permissions.
billing.accounts.viewer
To use the billing.accounts.viewer role, you need to assign it for a billing account. This role enables you to view billing account data, get information about resource consumption, monitor expenses, and export reconciliation reports and reporting documents.
In Yandex Cloud Billing, users with this role can:
- Display billing accounts in the list of all accounts.
- View billing account data.
- View and download reporting (or closing) documents.
- View and download generated reconciliation reports.
- Get and view notifications on consumption.
- Monitor expenses.
- View usage details.
billing.accounts.accountant
To use the billing.accounts.accountant role, you need to assign it for a billing account. This role enables you to view billing account data, get information about resource consumption, monitor expenses, export reconciliation reports and reporting documents, create new reconciliation reports, and top up your personal account using a bank account.
In Yandex Cloud Billing, users with this role can:
- Display billing accounts in the list of all accounts.
- View billing account data.
- View and download reporting (or closing) documents.
- Generate new reconciliation reports.
- View and download generated reconciliation reports.
- Get and view notifications on consumption.
- Monitor expenses.
- View usage details.
- Top up their personal account using a bank account.
This role includes the billing.accounts.viewer permissions.
billing.accounts.editor
To use the billing.accounts.editor role, you need to assign it for a billing account. It enables you to get payment invoices, redeem promo codes, link clouds and services to your billing account, export details, create budgets, generate reconciliation reports, and reserve resources.
In Yandex Cloud Billing, users with this role can:
- Display billing accounts in the list of all accounts.
- View billing account data.
- View client offers.
- View and download reporting (or closing) documents.
- Generate new reconciliation reports.
- View and download generated reconciliation reports.
- Get and view notifications on consumption.
- Monitor expenses.
- View usage details.
- Export details.
- Create budgets.
- Reserve resource usage.
- Top up their personal account using a bank account.
- Link clouds to a billing account.
- Rename billing accounts.
- Redeem promo codes.
On the Yandex Cloud partner portal, users with this role can:
- Link clouds to subaccounts.
This role includes the billing.accounts.viewer permissions.
billing.accounts.varWithoutDiscounts
To use the billing.accounts.varWithoutDiscounts role, you need to assign it for a billing account. This role grants partner accounts all administrator privileges, except the permission to get information about discounts.
In Yandex Cloud Billing, users with this role can:
- Display billing accounts in the list of all accounts.
- View billing account data.
- View info on the access permissions granted for the relevant billing accounts.
- View and download reporting (or closing) documents.
- Generate new reconciliation reports.
- View and download generated reconciliation reports.
- Get and view notifications on consumption.
- Monitor expenses.
- View usage details.
- Export details.
- Create budgets.
- Reserve resource usage.
- Top up their personal account using a bank account.
- Link clouds to a billing account.
- Rename billing accounts.
- Redeem promo codes.
On the Yandex Cloud partner portal, users with this role can:
- Create customer records (subaccounts).
- View the list of subaccounts and info on them.
- Activate subaccounts.
- Suspend subaccounts.
- Re-activate subaccounts.
- Link clouds to subaccounts.
- Manage access permissions to subaccounts.
- View the details of how the customers use services.
This role includes the billing.partners.editor permissions.
billing.accounts.admin
To use the billing.accounts.admin role, you need to assign it for a billing account. It enables managing access to a billing account (except for billing.accounts.owner).
In Yandex Cloud Billing, users with this role can:
- Display billing accounts in the list of all accounts.
- View billing account data.
- View client offers.
- View info on the access permissions granted for the relevant billing accounts and modify such permissions (except for assigning and revoking the billing.accounts.owner role).
- Activate, deactivate, or modify the technical support service plan, as well as change the billing account from which the payment is debited.
- View and download reporting (or closing) documents.
- Generate new reconciliation reports.
- View and download generated reconciliation reports.
- Get and view notifications on consumption.
- Monitor expenses.
- View usage details.
- Export details.
- Create budgets.
- Reserve resource usage.
- Top up their personal account using a bank account.
- Link clouds to a billing account.
- Rename billing accounts.
- Redeem promo codes.
On the Yandex Cloud partner portal, users with this role can:
- Create customer records (subaccounts).
- View the list of subaccounts and info on them, including personal data.
- Activate subaccounts.
- Suspend subaccounts.
- Re-activate subaccounts.
- Link clouds to subaccounts.
- Manage access permissions to subaccounts.
- View the details of how the customers use services.
- View the list of partner discounts and info on them.
This role includes the billing.accounts.editor, billing.accounts.partnerAdmin, and billing.partners.editor permissions.
billing.accounts.partnerViewer
To use the billing.accounts.partnerViewer role, you need to assign it for a billing account. It enables viewing partner info, except for personal data.
On the Yandex Cloud partner portal, users with this role can:
- View the list of subaccounts and info on them (except for personal data).
- View the list of partner discounts.
- View the partner tools page.
- View the list of accounts and info on them (except for personal data).
- View the list of contacts and info on them (except for personal data).
- View the list of partner deals and info on them (except for personal data).
billing.accounts.piiPartnerViewer
To use the billing.accounts.piiPartnerViewer role, you need to assign it for a billing account. It enables viewing subaccount and partner info, including personal data.
On the Yandex Cloud partner portal, users with this role can:
- View info on the partner balance, discounts, and rebate withdrawals.
- View details on partner consumption, including consumption in partner subaccounts.
- View the list of partner discounts.
- View the partner tools page.
- View the list of accounts and info on them, including personal data.
- View the list of subaccounts and info on them, including personal data.
- View the list of contacts and info on them, including personal data.
- View the list of partner deals and info on them, including personal data.
This role includes the billing.accounts.partnerViewer permissions.
billing.accounts.partnerEditor
To use the billing.accounts.partnerEditor role, you need to assign it for a billing account. It enables managing accounts, subaccounts, contacts, and partner deals. This role does not provide access to personal data.
On the Yandex Cloud partner portal, users with this role can:
- Manage subaccounts regardless of the access permissions assigned at the organization level, except for the permission to work with a partner.
- View the list of subaccounts and info on them (except for personal data).
- Create new subaccounts and update the existing ones, as well as suspend, resume, and delete subaccounts.
- View the list of accounts and info on them (except for personal data), as well as edit such info.
- View the list of contacts and info on them (except for personal data), as well as edit such contacts.
- View the list of partner deals and info on them (except for personal data), as well as edit such info.
- View the list of partner discounts.
- View the partner tools page.
This role includes the billing.accounts.partnerViewer permissions.
billing.accounts.piiPartnerEditor
To use the billing.accounts.piiPartnerEditor role, you need to assign it for a billing account. It enables managing partner rebate withdrawals, as well as viewing subaccount and partner info, including personal data.
On the Yandex Cloud partner portal, users with this role can:
- View info on the partner balance, discounts, and rebate withdrawals.
- Create spending agreements for partner rebates and withdraw such rebates.
- View details on partner consumption, including consumption in partner subaccounts.
- View the list of partner discounts.
- View the partner tools page.
- View the list of accounts and info on them, including personal data.
- View the list of subaccounts and info on them, including personal data.
- View the list of contacts and info on them, including personal data.
- View the list of partner deals and info on them, including personal data.
This role includes the billing.accounts.piiPartnerViewer permissions.
billing.accounts.partnerAdmin
To use the billing.accounts.partnerAdmin role, you need to assign it to a billing account. It enables access to all partner portal tools and all info stored on the portal, including personal data.
On the Yandex Cloud partner portal, users with this role can:
- Manage subaccounts regardless of the access permissions assigned at the organization level, except for the permission to work with a partner.
- View the list of subaccounts and info on them, including personal data.
- Create new subaccounts and update the existing ones, as well as suspend, resume, and delete subaccounts.
- View the list of accounts and info on them, including personal data, as well as edit such info.
- View the list of contacts and info on them, including personal data, as well as edit such contacts.
- View the list of partner deals and info on them, including personal data, as well as edit such info.
- View info on the partner balance, discounts, and rebate withdrawals.
- Create spending agreements for partner rebates and withdraw such rebates.
- View details on partner consumption, including consumption in partner subaccounts.
- View the list of partner discounts.
- View the partner tools page.
This role includes the billing.accounts.partnerEditor and billing.accounts.piiPartnerEditor permissions.
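The "This role includes ..." statements above form an inheritance graph, so a role can carry sensitive capabilities that its own name does not suggest. The following is an added example, not Yandex Cloud code: it resolves that graph transitively and flags which subjects reach personal data, rebate withdrawal, or billing account access management. The bindings, subject names, and capability labels are constructed for illustration.

```python
# Added example: "includes" edges transcribed from the role descriptions above.
P = "billing.accounts."
INCLUDES = {
    P + "owner": [P + "admin", P + "varWithoutDiscounts"],
    P + "accountant": [P + "viewer"],
    P + "editor": [P + "viewer"],
    P + "varWithoutDiscounts": ["billing.partners.editor"],
    P + "admin": [P + "editor", P + "partnerAdmin", "billing.partners.editor"],
    P + "piiPartnerViewer": [P + "partnerViewer"],
    P + "partnerEditor": [P + "partnerViewer"],
    P + "piiPartnerEditor": [P + "piiPartnerViewer"],
    P + "partnerAdmin": [P + "partnerEditor", P + "piiPartnerEditor"],
}

# Lowest role the page documents as carrying each sensitive capability
# (the labels are this example's own wording, an assumption).
SENSITIVE = {
    "personal data": P + "piiPartnerViewer",
    "rebate withdrawal": P + "piiPartnerEditor",
    "billing account access management": P + "admin",
}

def effective_roles(role):
    """Return the role plus every role it includes, directly or transitively."""
    seen, stack = set(), [role]
    while stack:
        current = stack.pop()
        if current not in seen:  # guards against cycles and repeated edges
            seen.add(current)
            stack.extend(INCLUDES.get(current, []))
    return seen

def audit(bindings):
    """Map each subject to the sensitive capabilities its roles reach."""
    findings = {}
    for subject, role in bindings:
        reached = effective_roles(role)
        hits = {label for label, marker in SENSITIVE.items() if marker in reached}
        if hits:
            findings.setdefault(subject, set()).update(hits)
    return {subject: sorted(hits) for subject, hits in findings.items()}

# Constructed sample bindings (subject, role); not real accounts.
BINDINGS = [
    ("alice@example.com", P + "owner"),
    ("bob@example.com", P + "accountant"),
    ("carol@example.com", P + "partnerEditor"),
    ("dave@example.com", P + "piiPartnerEditor"),
    ("erin@example.com", P + "varWithoutDiscounts"),
]

if __name__ == "__main__":
    for subject, caps in audit(BINDINGS).items():
        print(subject, "->", ", ".join(caps))
```
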
Primitive roles
Primitive roles are aggregator roles that define user permissions to access services. In Yandex Cloud Billing, these roles match the following billing.accounts.* roles:
- auditor: Same as billing.accounts.viewer (with some limitations).
- viewer: Same as billing.accounts.viewer.
- editor: Same as billing.accounts.editor.
- admin: Same as billing.accounts.admin.
Primitive roles can only be assigned to users in the Users list.
Available operations for a partner account
The tables below provide a list of operations available to each role type. Full names of the listed roles start with billing.accounts.*.
General operations for an account
Operations:
- View billing account details
- Link a cloud to an account
- Manage billing account access permissions
- Activate the paid version
- Deleting a billing account
Operations for the VAR program
Operations:
- View a list of customers (subaccounts)
- View the customer service usage
- Create a customer record (subaccount)
- Suspend a subaccount
- Reactivate a subaccount
- View the list of partner bonuses and info on them
- Update customer record (subaccount) data
Available operations for a subaccount
The table below provides a list of operations available to each role type. Full names of the listed roles start with billing.accounts.*.
Operations:
- View subaccount details
- Link a cloud to an account
- Activate a subaccount
- Manage subaccount access permissions
- Delete a subaccount (without customer confirmation)
- Accept partner invitation
- Decline partner invitation
1 The billing.accounts.customer role is assigned to a user automatically when you create their subaccount. You cannot assign it manually.