yandex_datasphere_project_iam_binding (Resource)
Статья создана
Обновлена 9 июля 2026 г.
Allows creation and management of a single binding within IAM policy for an existing project.
Важно
Warning: This resource is authoritative for the given role on the target project and manages the complete set of its members. When you change or delete yandex_datasphere_project_iam_binding, the role may be removed from other subjects on the project as well — including subjects granted outside of this resource (via the corresponding *_iam_member resource, the management console, CLI or API). Those subjects are not tracked in the Terraform state, so a plain terraform plan does not list them. Be careful.
Example usage
//
// Create a new Datasphere Project and new IAM Binding for it.
//
resource "yandex_datasphere_community" "my-community" {
name = "example-datasphere-community"
description = "Description of community"
billing_account_id = "example-organization-id"
organization_id = "example-organization-id"
}
resource "yandex_datasphere_project" "my-project" {
name = "example-datasphere-project"
description = "Datasphere Project description"
community_id = yandex_datasphere_community.my-community.id
# ...
}
resource "yandex_datasphere_project_iam_binding" "project-iam" {
project_id = "your-datasphere-project-id"
role = "datasphere.community-projects.developer"
members = [
"system:allUsers",
]
}
Arguments & Attributes Reference
id(String). The ID of this resource.members(Required)(Set Of String). An array of identities that will be granted the privilege in therole. Each entry can have one of the following values:
- userAccount:{user_id}: A unique user ID that represents a specific Yandex account.
- serviceAccount:{service_account_id}: A unique service account ID.
- federatedUser:{federated_user_id}: A unique federated user ID.
- federatedUser:{federated_user_id}:: A unique SAML federation user account ID.
- group:{group_id}: A unique group ID.
- system:group:federation:{federation_id}:users: All users in federation.
- system:group:organization:{organization_id}:users: All users in organization.
- system:allAuthenticatedUsers: All authenticated users.
- system:allUsers: All users, including unauthenticated ones.
Важно
for more information about system groups, see Cloud Documentation.
project_id(Required)(String). The ID of the computeprojectto attach the policy to.role(Required)(String). The role that should be assigned. Only one yandex_datasphere_project_iam_binding can be used per role.sleep_after(Number). For test purposes, to compensate IAM operations delay