[Yandex Cloud documentation](../../index.md) > [Yandex Audit Trails](../index.md) > [Step-by-step guides](index.md) > Managing trail access permissions > Viewing roles assigned to a trail

# Viewing roles assigned for a trail

{% note info %}

A trail automatically [inherits](../../iam/concepts/access-control/index.md#inheritance) [roles](../security/index.md#roles-list) assigned for a folder, cloud, or organization. However, they do not appear in the list of assigned roles. You can learn more about viewing roles [here](../../iam/operations/roles/get-assigned-roles.md).

{% endnote %}

{% list tabs group=instructions %}

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../cli/quickstart.md#install).

  The folder used by default is the one specified when [creating](../../cli/operations/profile/profile-create.md) the CLI profile. To change the default folder, use the `yc config set folder-id <folder_ID>` command. You can also specify a different folder for any command using `--folder-name` or `--folder-id`. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  1. See the description of the CLI command to view [roles](../security/index.md#roles-list) assigned for a [trail](../concepts/trail.md):

      ```bash
      yc audit-trails trail list-access-bindings --help
      ```

  1. Get a list of trails:
     
     ```bash
     yc audit-trails trail list
     ```
     
     Result:
     
     ```text
     +----------------------+--------------+--------+-------------------+
     |          ID          |     NAME     | STATUS |      FILTERS      |
     +----------------------+--------------+--------+-------------------+
     | cnp82sb0phnm******** | trailfromapi | ACTIVE | storage compute   |
     |                      |              |        | management.events |
     | cnp8v52idttr******** | tf-trail     | ACTIVE | storage compute   |
     |                      |              |        | mdb.postgresql    |
     | cnpnkcubr529******** | test-2       | ACTIVE | compute           |
     +----------------------+--------------+--------+-------------------+
     ```
  1. View the roles assigned for a trail by specifying its name or ID:

      ```bash
      yc audit-trails trail list-access-bindings <trail_name_or_ID>
      ```

      Result:

      ```text
      +---------------------+--------------+-----------------------+
      |       ROLE ID       | SUBJECT TYPE |      SUBJECT ID       |
      +---------------------+--------------+-----------------------+
      | audit-trails.viewer | system       | allAuthenticatedUsers |
      +---------------------+--------------+-----------------------+
      ```

- API {#api}

  To view roles assigned for a [trail](../concepts/trail.md), use the [listAccessBindings](../api-ref/Trail/listAccessBindings.md) REST API method for the [Trail](../api-ref/Trail/index.md) resource or the [TrailService/ListAccessBindings](../api-ref/grpc/Trail/listAccessBindings.md) gRPC API call.

{% endlist %}