Disable a service account
Stay organized with collections
Save and categorize content based on your preferences.
Demonstrates disabling a service account.
Explore further
For detailed documentation that includes this code sample, see the following:
Code sample
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],[],[[["\u003cp\u003eThis page provides code samples demonstrating how to disable a service account using the IAM API across multiple languages including C++, C#, Go, Java, and Python.\u003c/p\u003e\n"],["\u003cp\u003eDisabling a service account is achieved by making a \u003ccode\u003eDisableServiceAccount\u003c/code\u003e request to the IAM API, providing the unique identifier (name or email) of the targeted account.\u003c/p\u003e\n"],["\u003cp\u003eEach code sample includes guidance on how to install the necessary IAM client libraries and set up Application Default Credentials for authentication.\u003c/p\u003e\n"],["\u003cp\u003eThe samples link to detailed documentation, API reference materials, and the Google Cloud sample browser for further exploration and use of the IAM functionality.\u003c/p\u003e\n"],["\u003cp\u003eThe provided code snippets offer a way to disable a service account within their respective language, with each example providing a similar usage and structure.\u003c/p\u003e\n"]]],[],null,["# Disable a service account\n\nDemonstrates disabling a service account.\n\nExplore further\n---------------\n\n\nFor detailed documentation that includes this code sample, see the following:\n\n- [Disable and enable service accounts](/iam/docs/service-accounts-disable-enable)\n\nCode sample\n-----------\n\n### C++\n\n\nTo learn how to install and use the client library for IAM, see\n[IAM client libraries](/iam/docs/reference/libraries).\n\n\nFor more information, see the\n[IAM C++ API\nreference documentation](/cpp/docs/reference/iam/latest).\n\n\nTo authenticate to IAM, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n namespace iam = ::google::cloud::iam_admin_v1;\n [](std::string const& name) {\n iam::IAMClient client(iam::MakeIAMConnection());\n google::iam::admin::v1::DisableServiceAccountRequest request;\n request.set_name(name);\n auto response = client.DisableServiceAccount(request);\n if (!response.ok()) throw std::runtime_error(response.message());\n std::cout \u003c\u003c \"ServiceAccount successfully disabled.\\n\";\n }\n\n### C#\n\n\nTo learn how to install and use the client library for IAM, see\n[IAM client libraries](/iam/docs/reference/libraries).\n\n\nFor more information, see the\n[IAM C# API\nreference documentation](https://developers.google.com/api-client-library/dotnet/apis/iam/v1).\n\n\nTo authenticate to IAM, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n\n using System;\n using https://cloud.google.com/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.html;\n using Google.Apis.Iam.v1;\n using Google.Apis.Iam.v1.Data;\n\n public partial class ServiceAccounts\n {\n public static void DisableServiceAccount(string email)\n {\n var credential = https://cloud.google.com/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.GoogleCredential.html.https://cloud.google.com/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.GoogleCredential.html#Google_Apis_Auth_OAuth2_GoogleCredential_GetApplicationDefault()\n .https://cloud.google.com/dotnet/docs/reference/Google.Apis/latest/Google.Apis.Auth.OAuth2.GoogleCredential.html#Google_Apis_Auth_OAuth2_GoogleCredential_CreateScoped_System_Collections_Generic_IEnumerable_System_String__(IamService.Scope.CloudPlatform);\n var service = new IamService(new IamService.Initializer\n {\n HttpClientInitializer = credential\n });\n\n var request = new DisableServiceAccountRequest();\n\n string resource = \"projects/-/serviceAccounts/\" + email;\n service.Projects.ServiceAccounts.Disable(request, resource).Execute();\n Console.WriteLine(\"Disabled service account: \" + email);\n }\n }\n\n### Go\n\n\nTo learn how to install and use the client library for IAM, see\n[IAM client libraries](/iam/docs/reference/libraries).\n\n\nFor more information, see the\n[IAM Go API\nreference documentation](https://godoc.org/google.golang.org/genproto/googleapis/iam/admin/v1).\n\n\nTo authenticate to IAM, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n import (\n \t\"context\"\n \t\"fmt\"\n \t\"io\"\n\n \tiam \"google.golang.org/api/iam/v1\"\n )\n\n // disableServiceAccount disables a service account.\n func disableServiceAccount(w io.Writer, email string) error {\n \t// email:= service-account@your-project.iam.gserviceaccount.com\n \tctx := context.Background()\n \tservice, err := iam.NewService(ctx)\n \tif err != nil {\n \t\treturn fmt.Errorf(\"iam.NewService: %w\", err)\n \t}\n\n \trequest := &iam.DisableServiceAccountRequest{}\n \t_, err = service.Projects.ServiceAccounts.Disable(\"projects/-/serviceAccounts/\"+email, request).Do()\n \tif err != nil {\n \t\treturn fmt.Errorf(\"Projects.ServiceAccounts.Disable: %w\", err)\n \t}\n \tfmt.Fprintf(w, \"Disabled service account: %v\", email)\n \treturn nil\n }\n\n### Java\n\n\nTo learn how to install and use the client library for IAM, see\n[IAM client libraries](/iam/docs/reference/libraries).\n\n\nFor more information, see the\n[IAM Java API\nreference documentation](https://developers.google.com/api-client-library/java/apis/iam/v1).\n\n\nTo authenticate to IAM, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n import com.google.cloud.iam.admin.v1.https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.cloud.iam.admin.v1.IAMClient.html;\n import com.google.iam.admin.v1.https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.DisableServiceAccountRequest.html;\n import java.io.IOException;\n\n public class DisableServiceAccount {\n\n public static void main(String[] args) throws IOException {\n // TODO(Developer): Replace the below variables before running.\n String projectId = \"your-project-id\";\n String serviceAccountName = \"your-service-account-name\";\n\n disableServiceAccount(projectId, serviceAccountName);\n }\n\n // Disables a service account.\n public static void disableServiceAccount(String projectId, String accountName)\n throws IOException {\n String email = String.format(\"%s@%s.iam.gserviceaccount.com\", accountName, projectId);\n\n // Initialize client that will be used to send requests.\n // This client only needs to be created once, and can be reused for multiple requests.\n try (https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.cloud.iam.admin.v1.IAMClient.html iamClient = https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.cloud.iam.admin.v1.IAMClient.html.create()) {\n iamClient.disableServiceAccount(https://cloud.google.com/java/docs/reference/google-iam-admin/latest/com.google.iam.admin.v1.DisableServiceAccountRequest.html.newBuilder()\n .setName(String.format(\"projects/%s/serviceAccounts/%s\", projectId, email))\n .build());\n\n System.out.println(\"Disabled service account: \" + accountName);\n }\n }\n }\n\n### Python\n\n\nTo learn how to install and use the client library for IAM, see\n[IAM client libraries](/iam/docs/reference/libraries).\n\n\nFor more information, see the\n[IAM Python API\nreference documentation](https://developers.google.com/api-client-library/python/apis/iam/v1).\n\n\nTo authenticate to IAM, set up Application Default Credentials.\nFor more information, see\n\n[Set up authentication for a local development environment](/docs/authentication/set-up-adc-local-dev-environment).\n\n import time\n\n from google.cloud import iam_admin_v1\n from google.cloud.iam_admin_v1 import types\n\n\n def disable_service_account(project_id: str, account: str) -\u003e types.ServiceAccount:\n \"\"\"Disables a service account.\n\n project_id: ID or number of the Google Cloud project you want to use.\n account: ID or email which is unique identifier of the service account.\n \"\"\"\n\n iam_admin_client = iam_admin_v1.IAMClient()\n request = types.DisableServiceAccountRequest()\n name = f\"projects/{project_id}/serviceAccounts/{account}\"\n request.name = name\n\n iam_admin_client.disable_service_account(request=request)\n time.sleep(5) # waiting to make sure changes applied\n\n get_request = types.GetServiceAccountRequest()\n get_request.name = name\n\n service_account = iam_admin_client.get_service_account(request=get_request)\n if service_account.disabled:\n print(f\"Disabled service account: {account}\")\n return service_account\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=iam)."]]
