Revoking roles assigned to a function

Written by

Updated at May 5, 2025

CLI

API

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

To revoke a role for a function, run this command:

User:

yc serverless function remove-access-binding \
  --id <function_ID> \
  --user-account-id <user_ID> \
  --role <role>

Result:

done (1s)

Service account:

yc serverless function remove-access-binding \
  --id <function_ID> \
  --service-account-id <service_account_ID> \
  --role <role>

Result:

done (1s)

All authorized users (the All authenticated users public group):

yc serverless function remove-access-binding \
  --id <function_ID> \
  --all-authenticated-users \
  --role <role>

Result:

done (1s)

To revoke function roles, use the updateAccessBindings REST API method for the Function resource or the FunctionService/UpdateAccessBindings gRPC API call.

Revoking roles assigned to a function

Was the article helpful?