[Yandex Cloud documentation](../../../index.md) > [Yandex Identity and Access Management](../../index.md) > [Step-by-step guides](../index.md) > Access policies > Viewing policies created for a resource

# Viewing access policies created for a resource

{% note info %}

This feature is in the [Preview](../../../overview/concepts/launch-stages.md) stage. To get access, contact [tech support](https://center.yandex.cloud/support) or your account manager.

{% endnote %}

[Access policies](../../concepts/access-control/access-policies.md) are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with [Yandex Cloud resources](../../../overview/roles-and-resources.md). Access policies are based on [templates](../../concepts/access-control/access-policies.md#supported-policies) and complement the [role](../../concepts/access-control/roles.md) system for more flexible [access management](../../concepts/access-control/index.md).

You can create access policies for a [folder](#folder), [cloud](#cloud), or [organization](#organization).

{% note info %}

To manage access policies, a user must have one of the following roles:

* [`resource-manager.admin`](../../../resource-manager/security/index.md#resource-manager-admin) or [`admin`](../../roles-reference.md#admin) for the [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder) or [cloud](../../../resource-manager/concepts/resources-hierarchy.md#cloud) to manage access policies at the folder or cloud level, respectively.
* [`organization-manager.admin`](../../../organization/security/index.md#organization-manager-admin) or [`admin`](../../roles-reference.md#admin) for the [organization](../../../organization/concepts/organization.md) to manage access policies at the organization level.

{% endnote %}

## Viewing access policies created for a folder {#folder}

To view a list of access policies created for a [folder](../../../resource-manager/concepts/resources-hierarchy.md#folder):

{% list tabs group=instructions %}

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../../cli/quickstart.md#install).

  Run this command by specifying the name or [ID](../../../resource-manager/operations/folder/get-id.md) of the folder for which you want to view the new policies:

  ```bash
  yc resource-manager folder list-access-policy-bindings <folder_name_or_ID>
  ```

  Result:

  ```
  +---------------------------------------------+-------------------------------------------------+
  |          ACCESS POLICY TEMPLATE ID          |                   PARAMETERS                    |
  +---------------------------------------------+-------------------------------------------------+
  | backup.denyRemoveProtection                 |                                                 |
  | serverless.containers.restrictNetworkAccess | allowed_vpc_network_ids=[enphfcfseu9i********], |
  |                                             | allowed_src_ips=[192.168.1.12/24]               |
  +---------------------------------------------+-------------------------------------------------+
  ```

- API {#api}

  Use the [listAccessPolicyBindings](../../../resource-manager/api-ref/Folder/listAccessPolicyBindings.md) REST API method for the [Folder](../../../resource-manager/api-ref/Folder/index.md) resource or the [FolderService/ListAccessPolicyBindings](../../../resource-manager/api-ref/grpc/Folder/listAccessPolicyBindings.md) gRPC API call.

{% endlist %}

## Viewing access policies created for a cloud {#cloud}

To view the list of [cloud](../../../resource-manager/concepts/resources-hierarchy.md#cloud) access policies:

{% list tabs group=instructions %}

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../../cli/quickstart.md#install).

  Run the command, specifying the name or [ID](../../../resource-manager/operations/cloud/get-id.md) of the cloud for which you want to view the created policies:

  ```bash
  yc resource-manager cloud list-access-policy-bindings <cloud_name_or_ID>
  ```

  Result:

  ```
  +---------------------------------------------+-------------------------------------------------+
  |          ACCESS POLICY TEMPLATE ID          |                   PARAMETERS                    |
  +---------------------------------------------+-------------------------------------------------+
  | backup.denyRemoveProtection                 |                                                 |
  | serverless.containers.restrictNetworkAccess | allowed_vpc_network_ids=[enphfcfseu9i********], |
  |                                             | allowed_src_ips=[192.168.1.12/24]               |
  +---------------------------------------------+-------------------------------------------------+
  ```

- API {#api}

  Use the [listAccessPolicyBindings](../../../resource-manager/api-ref/Cloud/listAccessPolicyBindings.md) REST API method for the [Cloud](../../../resource-manager/api-ref/Cloud/index.md) resource or the [CloudService/ListAccessPolicyBindings](../../../resource-manager/api-ref/grpc/Cloud/listAccessPolicyBindings.md) gRPC API call.

{% endlist %}

## Viewing access policies created for an organization {#organization}

To view the list of [organization](../../../organization/concepts/organization.md) access policies:

{% list tabs group=instructions %}

- CLI {#cli}

  If you do not have the Yandex Cloud CLI yet, [install and initialize it](../../../cli/quickstart.md#install).

  Run the command, specifying the name or [ID](../../../organization/operations/organization-get-id.md) of the organization for which you want to view the created policies:

  ```bash
  yc organization-manager organization list-access-policy-bindings <organization_name_or_ID>
  ```

  Result:

  ```
  +------------------------------+
  |  ACCESS POLICY TEMPLATE ID   |
  +------------------------------+
  | organization.denyUserListing |
  +------------------------------+
  ```

- API {#api}

  Use the [listAccessPolicyBindings](../../../organization/api-ref/Organization/listAccessPolicyBindings.md) REST API method for the [Organization](../../../organization/api-ref/Organization/index.md) resource or the [OrganizationService/ListAccessPolicyBindings](../../../organization/api-ref/grpc/Organization/listAccessPolicyBindings.md) gRPC API call.

{% endlist %}

#### Useful links {#see-also}

* [Access policies](../../concepts/access-control/access-policies.md)
* [Getting a list of supported access policy templates](list.md)
* [Creating an access policy for a resource](assign.md)
* [Deleting an access policy](revoke.md)