Revoking roles assigned for an EventRouter resource
If you do not have the Yandex Cloud CLI yet, install and initialize it.
The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.
Run this command to revoke a role for an EventRouter resource from:
-
User:
yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \ --user-account-id <user_ID> \ --role <role> -
yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \ --service-account-id <service_account_ID> \ --role <role> -
All authorized users (the
All authenticated userspublic group):yc serverless <resource_type> remove-access-binding <resource_name_or_ID> \ --all-authenticated-users \ --role <role>
Example
Revoking a role for a bus from a service account:
yc serverless eventrouter bus remove-access-binding epdplu8jn7sr******** \
--service-account-id rrbilgiqaptv******** \
--role serverless.eventrouter.auditor
Result:
...1s...done (3s)
Use the updateAccessBinding REST API method for the relevant resource or the <service>/UpdateAccessBinding gRPC API call.
For example, for a bus, use the updateAccessBinding REST API method for the Bus resource or the BusService/UpdateAccessBinding gRPC API call.