[Yandex Cloud documentation](../../index.md) > [Yandex Security Deck](../index.md) > [Access management](index.md) > Alerts module roles

# Service roles for Alerts

With the [Alerts](../concepts/alerts.md) service roles, you can manage the module's resources and access to them.

```mermaid
flowchart BT
    security-deck.alertSinks.admin["security-deck.<br>alertSinks.admin"] --> security-deck.admin
    security-deck.alertSinks.editor["security-deck.<br>alertSinks.editor"] --> security-deck.alertSinks.admin["security-deck.<br>alertSinks.admin"]
    security-deck.alertSinks.editor["security-deck.<br>alertSinks.editor"] --> security-deck.editor
    security-deck.alertSinks.user["security-deck.<br>alertSinks.user"] --> security-deck.alertSinks.editor["security-deck.<br>alertSinks.editor"]
    security-deck.alertSinks.viewer["security-deck.<br>alertSinks.viewer"] --> security-deck.alertSinks.editor["security-deck.<br>alertSinks.editor"]
    security-deck.alertSinks.viewer["security-deck.<br>alertSinks.viewer"] --> security-deck.viewer
    security-deck.alertSinks.auditor["security-deck.<br>alertSinks.auditor"] --> security-deck.alertSinks.viewer["security-deck.<br>alertSinks.viewer"]
    security-deck.alertSinks.auditor["security-deck.<br>alertSinks.auditor"] --> security-deck.auditor

    security-deck.auditor --> security-deck.viewer
    security-deck.viewer --> security-deck.editor
    security-deck.editor --> security-deck.admin

    security-deck.auditor ~~~ security-deck.admin
```

#### security-deck.alertSinks.user {#security-deck-alertSinks-user}

The `security-deck.alertSinks.user` role enables viewing info on [alert sinks](../concepts/workspace.md#alert-sinks) and using them.

#### security-deck.alertSinks.auditor {#security-deck-alertSinks-auditor}

The `security-deck.alertSinks.auditor` role enables viewing info on [alert sinks](../concepts/workspace.md#alert-sinks) and [access permissions](../../iam/concepts/access-control/index.md) granted for them.

#### security-deck.alertSinks.viewer {#security-deck-alertSinks-viewer}

The `security-deck.alertSinks.viewer` role enables viewing info on alerts and alert sinks as well as on access permissions granted for them.

Users with this role can:
* View info on [alert sinks](../concepts/workspace.md#alert-sinks) and access permissions granted for them.
* View info on [alerts](../concepts/alerts.md) and access permissions granted for them.
* View additional info on alerts and their sources, the list of affected resources, and tips on resolving issues.

This role includes the `security-deck.alertSinks.auditor` permissions.

#### security-deck.alertSinks.editor {#security-deck-alertSinks-editor}

The `security-deck.alertSinks.editor` role enables managing alert sinks, alerts, and comments in them.

Users with this role can:
* View info on [alert sinks](../concepts/workspace.md#alert-sinks) and [access permissions](../../iam/concepts/access-control/index.md) granted for them.
* Create, use, modify, and delete alert sinks.
* View info on [alerts](../concepts/alerts.md) and access permissions granted for them.
* View additional info on alerts and their sources, the list of affected resources, and tips on resolving issues.
* Create, modify, and delete alerts.
* View the list of comments to alerts, as well as create, modify, and delete such comments.

This role includes the `security-deck.alertSinks.viewer` and `security-deck.alertSinks.user` permissions.

#### security-deck.alertSinks.admin {#security-deck-alertSinks-admin}

The `security-deck.alertSinks.admin` role enables managing alert sinks and alerts, as well as access to them.

Users with this role can:
* View info on [alert sinks](../concepts/workspace.md#alert-sinks), as well as create, use, modify, and delete them.
* View info on [access permissions](../../iam/concepts/access-control/index.md) granted for alert sinks and modify such permissions.
* View info on [alerts](../concepts/alerts.md), as well as create, modify, and delete them.
* View info on access permissions granted for alerts and modify such permissions.
* View additional info on alerts and their sources, the list of affected resources, and tips on resolving issues.
* View the list of comments to alerts, as well as create, modify, and delete such comments.

This role includes the `security-deck.alertSinks.editor` permissions.