Revoking roles assigned to a function

Written by

Updated at March 17, 2026

CLI

API

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id options.

To revoke a role for a function, run this command:

User:

yc serverless function remove-access-binding \
  --id <function_ID> \
  --user-account-id <user_ID> \
  --role <role>

Result:

done (1s)

Service account:

yc serverless function remove-access-binding \
  --id <function_ID> \
  --service-account-id <service_account_ID> \
  --role <role>

Result:

done (1s)

All authorized users (the All authenticated users public group):

yc serverless function remove-access-binding \
  --id <function_ID> \
  --all-authenticated-users \
  --role <role>

Result:

done (1s)

To revoke function roles, use the updateAccessBindings REST API method for the Function resource or the FunctionService/UpdateAccessBindings gRPC API call.

Revoking roles assigned to a function

Was the article helpful?