Revoking roles assigned for an EventRouter resource

Written by

Updated at June 9, 2025

CLI

API

If you do not have the Yandex Cloud CLI installed yet, install and initialize it.

By default, the CLI uses the folder specified when creating the profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also set a different folder for any specific command using the --folder-name or --folder-id parameter.

Run this command to revoke a role for an EventRouter resource from:

User:

yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \
  --user-account-id <user_ID> \
  --role <role>

Service account:

yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \
  --service-account-id <service_account_ID> \
  --role <role>

All authorized users (the All authenticated users public group):

yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \
  --all-authenticated-users \
  --role <role>

Example

Revoking a role for a bus from a service account:

yc serverless eventrouter bus remove-access-binding epdplu8jn7sr******** \
  --service-account-id rrbilgiqaptv******** \
  --role serverless.eventrouter.auditor

Result:

...1s...done (3s)

Use the updateAccessBinding REST API method for the relevant resource or the <service>/UpdateAccessBinding gRPC API call.

For example, for a bus, use the updateAccessBinding REST API method for the Bus resource or the BusService/UpdateAccessBinding gRPC API call.

Revoking roles assigned for an EventRouter resource

Was the article helpful?