Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Revoking an access policy

Written by
Updated at February 25, 2026

Note

This feature is in the Preview stage. To get access, contact tech support or your account manager.

Access policies are a Yandex Identity and Access Management mechanism that allows you to manage permissions for specific operations with Yandex Cloud resources. Access policies complement the role system for more flexible access management.

You can revoke an access policy from a folder, cloud, or organization.

Note

To manage access policies, a user must have one of the following roles:

Revoking an access policy from a folder

To revoke an access policy assigned for a folder:

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

  1. Get a list of access policy IDs assigned for the folder.

  2. Run this command:

    yc resource-manager folder unbind-access-policy \
  --name <folder_name> \
  --access-policy-template-id=<access_policy_ID>

    Where:

    • --name: Name of the folder you want to revoke the policy from. Instead of the folder name, you can provide its ID in the --id parameter.
    • --access-policy-template-id: ID of the access policy you want to revoke from the specified folder.

  3. Make sure the policy has been revoked.

Use the unbindAccessPolicy REST API method for the Folder resource or the FolderService/UnbindAccessPolicy gRPC API call.

The specified access policy will no longer apply to resources in the specified folder.

Revoking an access policy from a cloud

To revoke an access policy assigned for a cloud:

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

  1. Get a list of access policy IDs assigned for the cloud.

  2. Run this command:

    yc resource-manager cloud unbind-access-policy \
  --name <cloud_name> \
  --access-policy-template-id=<access_policy_ID>

    Where:

    • --name: Name of the cloud you want to revoke the policy from. Instead of the cloud name, you can provide its ID in the --id parameter.
    • --access-policy-template-id: ID of the access policy you want to revoke from the specified cloud.

  3. Make sure the policy has been revoked.

Use the unbindAccessPolicy REST API method for the Cloud resource or the CloudService/UnbindAccessPolicy gRPC API call.

The specified access policy will no longer apply to resources within all folders in the given cloud.

Revoking an access policy from an organization

To revoke an access policy assigned for an organization:

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

  1. Get a list of access policy IDs assigned for the organization.

  2. Run this command:

    yc organization-manager organization unbind-access-policy \
  --name <organization_name> \
  --access-policy-template-id=<access_policy_ID>

    Where:

    • --name: Name of the organization you want to revoke the policy from. Instead of the organization name, you can provide its ID in the --id parameter.
    • --access-policy-template-id: ID of the access policy you want to revoke from the specified organization.

  3. Make sure the policy has been revoked.

Use the unbindAccessPolicy REST API method for the Organization resource or the OrganizationService/UnbindAccessPolicy gRPC API call.

The access policy will no longer apply to resources within all clouds in the specified organization.

See also

Previous
Viewing policies assigned for a resource
Next
Assigning roles