User cannot see an invitation to an organization or the admin role
Issue description
After inviting users to the organization and assigning them the admin role for a folder or specific service, the user cannot see the invitation.
Solution
Yandex Cloud resource hierarchy looks like this:
- Organization.
- Cloud.
- Folder.
- Individual resource if the relevant service supports such granular access management.
To learn more, see this article.
Thus, to provide a user with access to the folder, you first need to grant them permissions for the cloud.
For example, you can assign the resource-manager.clouds.member role for the cloud and admin, for the folder. If a user needs to view all clouds, assign the resource-manager.clouds.member role at the organization level and grant granular access permissions for the relevant clouds or folders.
Note
Following the hierarchy and permission inheritance from the organization down to the cloud and then to the folder, assigning the admin role for the cloud grants the user the admin permissions for all nested folders and associated resources.