Deleting an access policy
Note
This feature is in the Preview stage. To get access, contact tech support or your account manager.
Access policies are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with Yandex Cloud resources. Access policies are based on templates and complement the role system for more flexible access management.
You can delete an access policy created for a folder, cloud, or organization.
Note
To manage access policies, a user must have one of the following roles:
resource-manager.adminoradminfor the folder or cloud to manage access policies at the folder or cloud level, respectively.organization-manager.adminoradminfor the organization to manage access policies at the organization level.
Deleting an access policy created for a folder
To delete an access policy created for a folder:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
-
Get a list of IDs of access policy templates assigned for the folder.
-
Run this command:
yc resource-manager folder unbind-access-policy \ --name <folder_name> \ --access-policy-template-id=<policy_template_ID>Where:
--name: Name of the folder that you want to delete the policy for. Instead of the folder name, you can provide its ID in the--idparameter.--access-policy-template-id: ID of the access policy template you want to delete for the specified folder.
-
Make sure the policy was deleted.
Use the unbindAccessPolicy REST API method for the Folder resource or the FolderService/UnbindAccessPolicy gRPC API call.
The specified access policy will no longer apply to resources in the specified folder.
Deleting an access policy created for a cloud
To delete an access policy created for a cloud:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
-
Get a list of IDs of access policy templates assigned for the cloud.
-
Run this command:
yc resource-manager cloud unbind-access-policy \ --name <cloud_name> \ --access-policy-template-id=<policy_template_ID>Where:
--name: Name of the cloud that you want to delete the policy for. Instead of the cloud name, you can provide its ID in the--idparameter.--access-policy-template-id: ID of the access policy template you want to delete from the specified cloud.
-
Make sure the policy was deleted.
Use the unbindAccessPolicy REST API method for the Cloud resource or the CloudService/UnbindAccessPolicy gRPC API call.
The specified access policy will no longer apply to resources within all folders in the given cloud.
Deleting an access policy created for an organization
To delete an access policy created for an organization, follow these steps:
If you do not have the Yandex Cloud CLI yet, install and initialize it.
-
Get a list of IDs of access policy templates assigned for the organization.
-
Run this command:
yc organization-manager organization unbind-access-policy \ --name <organization_name> \ --access-policy-template-id=<policy_template_ID>Where:
--name: Name of the organization to delete the policy for. Instead of the organization name, you can provide its ID in the--idparameter.--access-policy-template-id: ID of the access policy template you want to delete from the specified organization.
-
Make sure the policy was deleted.
Use the unbindAccessPolicy REST API method for the Organization resource or the OrganizationService/UnbindAccessPolicy gRPC API call.
The access policy will no longer apply to resources within all clouds in the specified organization.