To grant users and service accounts access to the tenant’s resources, add them to one of the groups.
Prerequisites
- Make sure you are in a group that has the admin role within your tenant; for example, the default admins group. You can check this in the Administration → IAM section of the web console.
- Install and configure the Nebius AI Cloud CLI.
- Check that your project ID is saved in the Nebius AI Cloud CLI profile configuration:
  cat ~/.nebius/config.yaml
- Install jq to extract IDs and tokens from JSON data returned by the Nebius AI Cloud CLI.
- In the web console, go to Administration → IAM.
- If the group was created in a tenant, get the tenant ID and save it to an environment variable:
  export TENANT_ID=<tenant_ID>
- If the group was created in a project, get the project ID and save it to an environment variable:
  export PROJECT_ID=<project_ID>
- Get the relevant group ID and save it to an environment variable:
  export GROUP_ID=$(nebius iam group get-by-name \
    --name <group_name> \
    --parent-id <$TENANT_ID|$PROJECT_ID> \
    --format json \
    | jq -r ".metadata.id")
Add a user account
To add a user to a group:
- In the sidebar, go to Administration → IAM.
- On the Groups tab, click the group you want to add a user to.
- Click Add members.
- In the window that opens, find the user you want to add to the group and click Add next to their name.
To add a user to a group via the Nebius AI Cloud CLI, you must have their email address.
- Save a user email to an environment variable:
  export USER_EMAIL=<user_email>
- Get the user account’s ID and save it to an environment variable:
  export USER_ID=$(nebius iam tenant-user-account-with-attributes list \
    --parent-id $TENANT_ID \
    --format json | jq -r --arg user_email "$USER_EMAIL" \
    '.items[] | select(.attributes.email == $user_email)
    | .tenant_user_account.metadata.id')
- To add the user account to the group, set up its membership:
  nebius iam group-membership create \
    --parent-id $GROUP_ID \
    --member-id $USER_ID
- Check that the account has appeared in the group:
  nebius iam group-membership list-members \
    --parent-id $GROUP_ID | grep "$USER_ID"
Add a service account
To add a service account to a group:
- In the sidebar, go to Administration → IAM.
- On the Groups tab, click on the group you want to add a service account to.
- Click Add members.
- In the window that opens, switch to the Service accounts tab.
- Find the service account you want to add to the group and click Add next to its name.
To add a service account to a group via the Nebius AI Cloud CLI, you must have its name.
- Get the service account’s ID and save it to an environment variable:
  export SA_ID=$(nebius iam service-account get-by-name \
    --name <service_account_name> \
    --format json \
    | jq -r ".metadata.id")
- Set up the account membership in the group:
  nebius iam group-membership create \
    --parent-id $GROUP_ID \
    --member-id $SA_ID
- Check that the account has appeared in the group:
  nebius iam group-membership list-members \
    --parent-id $GROUP_ID | grep "$SA_ID"
If you don’t know the name of the service account:
- View all service accounts for your project:
  nebius iam service-account list
- Get the service account’s ID and save it to an environment variable. If the required service account does not appear as the first item in the previous command output, change the digit in .items[0].metadata.id:
  export SA_ID=$(nebius iam service-account list \
    --format json \
    | jq -r ".items[0].metadata.id")
- Set up the account membership in the group:
  nebius iam group-membership create \
    --parent-id $GROUP_ID \
    --member-id $SA_ID
- Check that the new account has appeared in the group:
  nebius iam group-membership list-members \
    --parent-id $GROUP_ID | grep "$SA_ID"
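The USER_ID lookup by email and the SA_ID lookup by list position both hand whatever jq prints to group-membership create. The following added example (not part of the Nebius documentation) puts a guard after the page's jq filter so that an empty, "null" or ambiguous result stops the procedure before any membership is created. The function names and the sample JSON are constructed for illustration, and require_single_id can follow the .items[0].metadata.id filter in the same way.

```shell
#!/usr/bin/env bash
# Added example, not from the Nebius documentation. Function names are hypothetical.

# Read candidate IDs (one per line) on stdin and print the ID only when there
# is exactly one. jq -r prints the literal string "null" for a missing field
# (for example .items[0] on an empty list), so "null" counts as no match.
require_single_id() {
  local line id count
  id=""
  count=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|null) continue ;;
    esac
    id=$line
    count=$((count + 1))
  done
  if [ "$count" -ne 1 ]; then
    echo "expected exactly one ID, got $count; not changing group membership" >&2
    return 1
  fi
  printf '%s\n' "$id"
}

# Same jq filter as on this page, followed by the guard.
# $1 = email address; the JSON list of tenant user accounts is read from stdin.
user_id_by_email() {
  jq -r --arg user_email "$1" \
    '.items[] | select(.attributes.email == $user_email)
     | .tenant_user_account.metadata.id' | require_single_id
}

# Constructed sample in the shape the page's filter expects (IDs are made up).
SAMPLE_USERS='{"items":[
 {"attributes":{"email":"alice@example.com"},
  "tenant_user_account":{"metadata":{"id":"constructed-id-1"}}},
 {"attributes":{"email":"bob@example.com"},
  "tenant_user_account":{"metadata":{"id":"constructed-id-2"}}},
 {"attributes":{"email":"bob@example.com"},
  "tenant_user_account":{"metadata":{"id":"constructed-id-3"}}}]}'

# Offline demonstration on the constructed sample: prints constructed-id-1
printf '%s' "$SAMPLE_USERS" | user_id_by_email alice@example.com || true

# With the real CLI, assign first and export afterwards: "export VAR=$(cmd)"
# returns the status of export, which hides a failed lookup.
#   USER_ID=$(nebius iam tenant-user-account-with-attributes list \
#     --parent-id "$TENANT_ID" --format json \
#     | user_id_by_email "$USER_EMAIL") || exit 1
#   export USER_ID
```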