Revoking roles assigned for an EventRouter resource

Written by

Updated at April 14, 2025

CLI

API

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameters.

Run this command to revoke a role for an EventRouter resource from:

User:

yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \
  --user-account-id <user_ID> \
  --role <role>

Service account:

yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \
  --service-account-id <service_account_ID> \
  --role <role>

All authorized users (the All authenticated users public group):

yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \
  --all-authenticated-users \
  --role <role>

Example

Revoking a role for a bus from a service account:

yc serverless eventrouter bus remove-access-binding epdplu8jn7sr******** \
  --service-account-id rrbilgiqaptv******** \
  --role serverless.eventrouter.auditor

Result:

...1s...done (3s)

Use the updateAccessBinding REST API method for the relevant resource or the <service>/UpdateAccessBinding gRPC API call.

For example, for a bus, use the updateAccessBinding REST API method for the Bus resource or the BusService/UpdateAccessBinding gRPC API call.

Revoking roles assigned for an EventRouter resource

Was the article helpful?