Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Managing folder access policies

Written by
Updated at February 25, 2026

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

Access policies are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with Yandex Cloud resources. Access policies complement the role system for more flexible access management.

A folder’s access policies can be managed by users with the resource-manager.admin or admin role for the folder.

Assigning an access policy for a folder

To assign an access policy for a folder:

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

  1. Get a list of supported access policies with their IDs.

  2. Run this command:

    yc resource-manager folder bind-access-policy \
  --name <folder_name> \
  --access-policy-template-id=<access_policy_ID>

    Where:

    • --name: Name of the folder to assign the policy for. Instead of the folder name, you can provide its ID in the --id parameter.
    • --access-policy-template-id: ID of the access policy to assign for the folder.

  3. Make sure the policy was assigned.

Use the bindAccessPolicy REST API method for the Folder resource or the FolderService/BindAccessPolicy gRPC API call.

The assigned access policy will apply to all resources in the specified folder.

Viewing the list of access policies assigned for a folder

To view the list of access policies assigned for a folder:

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

Run the command, specifying the name or ID of the folder for which you want to view the assigned policies:

yc resource-manager folder list-access-policy-bindings <folder_name_or_ID>

Result:

+---------------------------------------+
|      ACCESS POLICY TEMPLATE ID        |
+---------------------------------------+
| iam.denyServiceAccountApiKeysCreation |
+---------------------------------------+

Use the listAccessPolicyBindings REST API method for the Folder resource or the FolderService/ListAccessPolicyBindings gRPC API call.

Revoking an access policy assigned for a folder

To revoke an access policy assigned for a folder:

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

  1. Get a list of access policy IDs assigned for the folder.

  2. Run this command:

    yc resource-manager folder unbind-access-policy \
  --name <folder_name> \
  --access-policy-template-id=<access_policy_ID>

    Where:

    • --name: Name of the folder you want to revoke the policy from. Instead of the folder name, you can provide its ID in the --id parameter.
    • --access-policy-template-id: ID of the access policy you want to revoke from the specified folder.

  3. Make sure the policy has been revoked.

Use the unbindAccessPolicy REST API method for the Folder resource or the FolderService/UnbindAccessPolicy gRPC API call.

The specified access policy will no longer apply to resources in the specified folder.

See also

Previous
Deleting a folder
Next
Setting up access rights