Revoking roles assigned to a function
Written by
Updated at November 14, 2024
CLI
API
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
To revoke a role for a function, run this command:
- User:
yc serverless function remove-access-binding \ --id <function_ID> \ --user-account-id <user_ID> \ --role <role>
done (1s)
- Service account:
yc serverless function remove-access-binding \ --id <function_ID> \ --service-account-id <service_account_ID> \ --role <role>
done (1s)
- All authorized users (the
All authenticated users
public group):yc serverless function remove-access-binding \ --id <function_ID> \ --all-authenticated-users \ --role <role>
done (1s)
To revoke function roles, use the updateAccessBindings REST API method for the Function resource or the FunctionService/UpdateAccessBindings gRPC API call.