Revoking roles assigned for an EventRouter resource
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.
Run this command to revoke a role for an EventRouter resource from:
-
User:
yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \ --user-account-id <user_ID> \ --role <role> -
yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \ --service-account-id <service_account_ID> \ --role <role> -
All authorized users (the
All authenticated userspublic group):yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \ --all-authenticated-users \ --role <role>
Example
Revoking a role for a bus from a service account:
yc serverless eventrouter bus remove-access-binding epdplu8jn7sr******** \
--service-account-id rrbilgiqaptv******** \
--role serverless.eventrouter.auditor
Result:
...1s...done (3s)
Use the updateAccessBinding REST API method for the relevant resource or the <service>/UpdateAccessBinding gRPC API call.
For example, for a bus, use the updateAccessBinding REST API method for the Bus resource or the BusService/UpdateAccessBinding gRPC API call.