Revoking roles assigned to a function

Written by

Updated at June 9, 2025

CLI

API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

To revoke a role for a function, run this command:

User:

yc serverless function remove-access-binding \
  --id <function_ID> \
  --user-account-id <user_ID> \
  --role <role>

Result:

done (1s)

Service account:

yc serverless function remove-access-binding \
  --id <function_ID> \
  --service-account-id <service_account_ID> \
  --role <role>

Result:

done (1s)

All authorized users (the All authenticated users public group):

yc serverless function remove-access-binding \
  --id <function_ID> \
  --all-authenticated-users \
  --role <role>

Result:

done (1s)

To revoke function roles, use the updateAccessBindings REST API method for the Function resource or the FunctionService/UpdateAccessBindings gRPC API call.

Revoking roles assigned to a function

Was the article helpful?