gcloud_beta_organizations_remove-iam-policy-binding (1)
NAME
- gcloud beta organizations remove-iam-policy-binding - remove IAM policy binding for an organization
SYNOPSIS
-
gcloud beta organizations remove-iam-policy-binding ORGANIZATION --member=MEMBER --role=ROLE [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) Removes a policy binding from the IAM policy of an organization,
POSITIONAL ARGUMENTS
-
-
Organization resource - The organization to remove the IAM policy binding. This
represents a Cloud resource. This must be specified.
-
- ORGANIZATION
-
ID of the organization or fully qualified identifier for the organization.
-
-
Organization resource - The organization to remove the IAM policy binding. This
represents a Cloud resource. This must be specified.
REQUIRED FLAGS
-
- --member=MEMBER
-
The member to remove the binding for. Should be of the form
user|group|serviceAccount:email or domain:domain.
Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.
Can also be one of the following special values:-
- ---
- allUsers - anyone who is on the internet, with or without a Google account.
- ---
- allAuthenticatedUsers - anyone who is authenticated with a Google account or a service account.
-
-
- --role=ROLE
-
The role to remove the member from.
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
API REFERENCE
This command uses the cloudresourcemanager/v1 API. The full documentation for this API can be found at: cloud.google.com/resource-manager
EXAMPLES
To remove an IAM policy binding for the role of 'roles/editor' for the user 'test-user@gmail.com' on organization with identifier 'example-organization-id-1', run:
-
$ gcloud beta organizations remove-iam-policy-binding \
example-organization-id-1 --member='user:test-user@gmail.com' \
--role='roles/editor'
To remove an IAM policy binding for the role of 'roles/editor' from all authenticated users on organization 'example-organization-id-1', run:
-
$ gcloud beta organizations remove-iam-policy-binding \
example-organization-id-1 --member='allAuthenticatedUsers' \
--role='roles/editor'
See cloud.google.com/iam/docs/managing-policies for details of policy role and member types.
NOTES
This command is currently in BETA and may change without notice. These variants are also available:
- $ gcloud organizations remove-iam-policy-binding $ gcloud alpha organizations remove-iam-policy-binding