Access management

Which roles exist in the serviceWhich roles exist in the service

Service rolesService roles

billing.accounts.ownerbilling.accounts.owner

When creating your billing account, you get the billing.accounts.owner role automatically. It cannot be revoked, but you can assign it to other users and then revoke from them.

In Yandex Cloud Billing, users with this role can:

• Display billing accounts in the list of all accounts.
• View billing account data.
• View client offers.
• View info on the access permissions granted for the relevant billing accounts and modify such permissions.
• Activate, deactivate, or modify the technical support service plan, as well as change the billing account from which the payment is debited.
• View and download reporting (or closing) documents.
• Generate new reconciliation reports.
• View and download generated reconciliation reports.
• Get and view notifications on consumption.
• Monitor expenses.
• View usage details.
• Export details.
• Create budgets.
• Reserve resource usage.
• Top up their personal account using a bank account.
• Top up their personal account using a credit or debit card.
• Link clouds to a billing account.
• Rename billing accounts.
• Changing payer contact details.
• Change payment details.
• Change their credit or debit card details.
• Change the payment method.
• Redeem promo codes.
• Activate the trial period.
• Activate the paid version.
• Delete billing accounts.

On the Yandex Cloud partner portal, users with this role can:

• Create customer records (subaccounts).
• View the list of subaccounts and info on them.
• Update subaccount records.
• Activate subaccounts.
• Suspend subaccounts.
• Re-activate subaccounts.
• Delete subaccounts without customer confirmation.
• Link clouds to subaccounts.
• Manage access permissions to subaccounts.
• View the details of how the customers use services.
• View rebate credit history.
• Withdraw rebate.
• View assigned specializations.
• View the list of partner discounts and info on them.
• View the history of crediting referral program bonuses.
• Withdraw referral program bonuses.
• View the status of settlements with the referrer company.
• View the list of referral links.
• Create referral links.
• Activate referral links.
• Modify referral links.

This role also includes the billing.accounts.admin permissions.

billing.accounts.viewerbilling.accounts.viewer

To use the billing.accounts.viewer role, you need to assign it for a billing account. This role enables you to view billing account data, get information about resource consumption, monitor expenses, and export reconciliation reports and reporting documents.

In Yandex Cloud Billing, users with this role can:

• Display billing accounts in the list of all accounts.
• View billing account data.
• View and download reporting (or closing) documents.
• View and download generated reconciliation reports.
• Get and view notifications on consumption.
• Monitor expenses.
• View usage details.

On the Yandex Cloud partner portal, users with this role can:

• View the list of subaccounts and info on them.
• View the details of how the customers use services.
• View assigned specializations.
• View the list of partner discounts and info on them.
• View the history of crediting referral program bonuses.
• View the status of settlements with the referrer company.
• View the list of referral links.

billing.accounts.accountantbilling.accounts.accountant

To use the billing.accounts.accountant role, you need to assign it for a billing account. This role enables you to view billing account data, get information about resource consumption, monitor expenses, export reconciliation reports and reporting documents, create new reconciliation reports, and top up your personal account using a bank account.

In Yandex Cloud Billing, users with this role can:

• Display billing accounts in the list of all accounts.
• View billing account data.
• View and download reporting (or closing) documents.
• Generate new reconciliation reports.
• View and download generated reconciliation reports.
• Get and view notifications on consumption.
• Monitor expenses.
• View usage details.
• Top up their personal account using a bank account.

On the Yandex Cloud partner portal, users with this role can:

• View the list of subaccounts and info on them.
• View the details of how the customers use services.
• View rebate credit history.
• Withdraw rebate.
• View assigned specializations.
• View the list of partner discounts and info on them.
• View the history of crediting referral program bonuses.
• View the status of settlements with the referrer company.
• View the list of referral links.

This role also includes the billing.accounts.viewer permissions.

billing.accounts.editorbilling.accounts.editor

To use the billing.accounts.editor role, you need to assign it for a billing account. It enables you to get payment invoices, redeem promo codes, link clouds and services to your billing account, create details export and budgets, generate reconciliation reports, and reserve resources.

In Yandex Cloud Billing, users with this role can:

• Display billing accounts in the list of all accounts.
• View billing account data.
• View client offers.
• View and download reporting (or closing) documents.
• Generate new reconciliation reports.
• View and download generated reconciliation reports.
• Get and view notifications on consumption.
• Monitor expenses.
• View usage details.
• Export details.
• Create budgets.
• Reserve resource usage.
• Top up their personal account using a bank account.
• Link clouds to a billing account.
• Rename billing accounts.
• Redeem promo codes.

On the Yandex Cloud partner portal, users with this role can:

• Create customer records (subaccounts).
• View the list of subaccounts and info on them.
• Activate subaccounts.
• Suspend subaccounts.
• Re-activate subaccounts.
• Link clouds to subaccounts.
• View the details of how the customers use services.
• View rebate credit history.
• Withdraw rebate.
• View assigned specializations.
• View the list of partner discounts and info on them.
• View the history of crediting referral program bonuses.
• Withdraw referral program bonuses.
• View the status of settlements with the referrer company.
• View the list of referral links.
• Create referral links.
• Activate referral links.
• Modify referral links.

This role also includes the billing.accounts.viewer permissions.

billing.accounts.varWithoutDiscountsbilling.accounts.varWithoutDiscounts

To use the billing.accounts.varWithoutDiscounts role, you need to assign it for a billing account. This role grants partner accounts all administrator privileges, except the permission to get information about discounts.

In Yandex Cloud Billing, users with this role can:

• Display billing accounts in the list of all accounts.
• View billing account data.
• View info on the access permissions granted for the relevant billing accounts.
• View and download reporting (or closing) documents.
• Generate new reconciliation reports.
• View and download generated reconciliation reports.
• Get and view notifications on consumption.
• Monitor expenses.
• View usage details.
• Export details.
• Create budgets.
• Reserve resource usage.
• Top up their personal account using a bank account.
• Link clouds to a billing account.
• Rename billing accounts.
• Redeem promo codes.

On the Yandex Cloud partner portal, users with this role can:

• Create customer records (subaccounts).
• View the list of subaccounts and info on them.
• Activate subaccounts.
• Suspend subaccounts.
• Re-activate subaccounts.
• Link clouds to subaccounts.
• Manage access permissions to subaccounts.
• View the details of how the customers use services.
• View rebate credit history.
• Withdraw rebate.
• View the history of crediting referral program bonuses.
• Withdraw referral program bonuses.
• View the status of settlements with the referrer company.
• Create referral links.
• Activate referral links.
• Modify referral links.

This role also includes the billing.partners.editor permissions.

billing.accounts.adminbilling.accounts.admin

To use the billing.accounts.admin role, you need to assign it for a billing account. It enables managing access to a billing account (except for billing.accounts.owner).

In Yandex Cloud Billing, users with this role can:

• Display billing accounts in the list of all accounts.
• View billing account data.
• View client offers.
• View info on the access permissions granted for the relevant billing accounts and modify such permissions (except for assigning and revoking the billing.accounts.owner role).
• Activate, deactivate, or modify the technical support service plan, as well as change the billing account from which the payment is debited.
• View and download reporting (or closing) documents.
• Generate new reconciliation reports.
• View and download generated reconciliation reports.
• Get and view notifications on consumption.
• Monitor expenses.
• View usage details.
• Export details.
• Create budgets.
• Reserve resource usage.
• Top up their personal account using a bank account.
• Link clouds to a billing account.
• Rename billing accounts.
• Redeem promo codes.

On the Yandex Cloud partner portal, users with this role can:

• Create customer records (subaccounts).
• View the list of subaccounts and info on them.
• Activate subaccounts.
• Suspend subaccounts.
• Re-activate subaccounts.
• Link clouds to subaccounts.
• Manage access permissions to subaccounts.
• View the details of how the customers use services.
• View rebate credit history.
• Withdraw rebate.
• View assigned specializations.
• View the list of partner discounts and info on them.
• View the history of crediting referral program bonuses.
• Withdraw referral program bonuses.
• View the status of settlements with the referrer company.
• View the list of referral links.
• Create referral links.
• Activate referral links.
• Modify referral links.

This role also includes the billing.accounts.editor and billing.partners.editor permissions.

billing.accounts.partnerViewerbilling.accounts.partnerViewer

To use the billing.accounts.partnerViewer role, you need to assign it for a billing account. It enables viewing partner info, except for personal data.

On the Yandex Cloud partner portal, users with this role can:

• View the list of subaccounts.
• View the list of partner discounts.
• View the partner tools page.
• View the list of accounts and info on them (except for personal data).
• View the list of contacts and info on them (except for personal data).
• View the list of partner deals and info on them (except for personal data).

billing.accounts.piiPartnerViewerbilling.accounts.piiPartnerViewer

To use the billing.accounts.piiPartnerViewer role, you need to assign it for a billing account. It enables managing subaccounts and viewing partner info, including personal data.

On the Yandex Cloud partner portal, users with this role can:

• Manage subaccounts regardless of the access permissions assigned at the organization level, excepting the permission to work with a partner.
• View info on the partner balance, discounts, and rebate withdrawals.
• View details on partner consumption, including partner subaccounts.
• View the list of partner discounts.
• View the partner tools page.
• View the list of accounts and info on them, including personal data.
• View the list of contacts and info on them, including personal data.
• View the list of partner deals and info on them, including personal data.

This role also includes the billing.accounts.partnerViewer permissions.

billing.accounts.partnerEditorbilling.accounts.partnerEditor

To use the billing.accounts.partnerEditor role, you need to assign it for a billing account. It enables managing accounts, subaccounts, contacts, and partner deals. This role does not provide access to personal data.

On the Yandex Cloud partner portal, users with this role can:

• Manage subaccounts regardless of the access permissions assigned at the organization level, excepting the permission to work with a partner.
• View the list of subaccounts, create new ones and update the existing ones, as well as suspend, resume, and delete subaccounts.
• View the list of accounts and info on them (except for personal data), as well as edit such info.
• View the list of contacts and info on them (except for personal data), as well as edit such contacts.
• View the list of partner deals and info on them (except for personal data), as well as edit such info.
• View the list of partner discounts.
• View the partner tools page.

This role also includes the billing.accounts.partnerViewer permissions.

billing.accounts.piiPartnerEditorbilling.accounts.piiPartnerEditor

To use the billing.accounts.piiPartnerEditor role, you need to assign it for a billing account. It enables managing partner rebate withdrawals and subaccounts, as well as viewing partner info, including personal data.

On the Yandex Cloud partner portal, users with this role can:

• Manage subaccounts regardless of the access permissions assigned at the organization level, excepting the permission to work with a partner.
• View info on the partner balance, discounts, and rebate withdrawals.
• Create spending agreements for partner rebates and withdraw such rebates.
• View details on partner consumption, including partner subaccounts.
• View the list of partner discounts.
• View the partner tools page.
• View the list of accounts and info on them, including personal data.
• View the list of contacts and info on them, including personal data.
• View the list of partner deals and info on them, including personal data.

This role also includes the billing.accounts.piiPartnerViewer permissions.

billing.accounts.partnerAdminbilling.accounts.partnerAdmin

To use the billing.accounts.partnerAdmin role, you need to assign it to a billing account. It enables access to all partner portal tools and all info stored on the portal, including personal data.

On the Yandex Cloud partner portal, users with this role can:

• Manage subaccounts regardless of the access permissions assigned at the organization level, excepting the permission to work with a partner.
• View the list of subaccounts, create new ones and update the existing ones, as well as suspend, resume, and delete subaccounts.
• View the list of accounts and info on them, including personal data, as well as edit such info.
• View the list of contacts and info on them, including personal data, as well as edit such contacts.
• View the list of partner deals and info on them, including personal data, as well as edit such info.
• View info on the partner balance, discounts, and rebate withdrawals.
• Create spending agreements for partner rebates and withdraw such rebates.
• View details on partner consumption, including partner subaccounts.
• View the list of partner discounts.
• View the partner tools page.

This role also includes the billing.accounts.partnerEditor and billing.accounts.piiPartnerEditor permissions.

Primitive rolesPrimitive roles

Primitive roles are aggregator roles that define user permissions to access services. In Yandex Cloud Billing, these roles match the following billing.accounts.* roles:

• auditor: Same as billing.accounts.viewer with some limitations.
• viewer: Same as billing.accounts.viewer.
• editor: Same as billing.accounts.editor.
• admin: Same as billing.accounts.admin.

Primitive roles can only be assigned to users in the Users list.

Available operations for a partner accountAvailable operations for a partner account

The tables below provide a list of operations available to each role type. Full names of the listed roles start with billing.accounts.*.

General operations for an accountGeneral operations for an account

Operations	owner	viewer	accountant	editor	admin	varWithoutDiscounts
View billing account details
Link a cloud to an account
Manage billing account access permissions
Activate the paid version
Delete a billing account

Operations for the VAR programOperations for the VAR program

Operations	owner	viewer	accountant	editor	admin	varWithoutDiscounts
View a list of customers (subaccounts)
View the customer service usage
View the rebate credit history
Withdraw rebate
Create a customer record (subaccount)
Suspend a subaccount
Reactivate a subaccount
View assigned specializations
View the list of partner commissions and info on them.
Update customer record (subaccount) data

Operations for the referral programOperations for the referral program

Operations	owner	viewer	accountant	editor	admin	varWithoutDiscounts
View the history of crediting referral program commissions
View the status of settlements with the referrer company: accrued, withdrawn, and balance
Create a referral link
Modify a referral link
Activate a referral link
Withdraw referral program commissions
View the list of referral links

Available operations for a subaccountAvailable operations for a subaccount

The table below provides a list of operations available to each role type. Full names of the listed roles start with billing.accounts.*.

Operations	customer 1	owner	viewer	accountant	editor	admin	varWithoutDiscounts
View subaccount details
Link a cloud to an account
Activate a subaccount
Manage subaccount access permissions
Delete a subaccount (without customer confirmation)
Accept partner invitation
Decline partner invitation

¹ The billing.accounts.customer role is assigned to a user automatically when you create their subaccount. You cannot assign it manually.