Revoking roles assigned for a trail
April 9, 2025
See the description of the CLI command to revoke roles assigned for a trail:
yc audit-trails trail remove-access-binding --help
Get a list of trails:
yc audit-trails trail list
Result:
+----------------------+--------------+--------+-------------------+ | ID | NAME | STATUS | FILTERS | +----------------------+--------------+--------+-------------------+ | cnp82sb0phnm******** | trailfromapi | ACTIVE | storage compute | | | | | management.events | | cnp8v52idttr******** | tf-trail | ACTIVE | storage compute | | | | | mdb.postgresql | | cnpnkcubr529******** | test-2 | ACTIVE | compute | +----------------------+--------------+--------+-------------------+
To revoke a role assigned for a trail, run this command:
From a user:
yc audit-trails trail remove-access-binding \ --id <trail_ID> \ --user-account-id <user_ID> \ --role <role>
Result:
done (1s)
From a service account:
yc audit-trails trail remove-access-binding \ --id <trail_ID> \ --service-account-id <service_account_ID> \ --role <role>
Result:
done (1s)
From all authorized users (the
All authenticated userspublic group):
yc audit-trails trail remove-access-binding \ --id <trail_ID> \ --all-authenticated-users \ --role <role>
Result:
done (1s)
To revoke roles for a trail, use the updateAccessBindings REST API method for the Trail resource or the TrailService/UpdateAccessBindings gRPC API call.