- gcloud alpha artifacts repositories remove-iam-policy-binding - remove an IAM policy binding from the IAM policy of an Artifact Registry repository
gcloud alpha artifacts repositories remove-iam-policy-bindingremoves an IAM policy binding from the IAM policy of an Artifact Registry repository. One binding consists of a member, a role, and an optional condition.
This command can fail for the following reasons:
- The repository specified does not exist.
- The active account does not have permission to access the given repository's IAM policies.
- POSITIONAL ARGUMENTS
Repository resource - Name of the Artifact Registry repository. The arguments in
this group can be used to specify the attributes of this resource. (NOTE) Some
attributes are not given arguments in this group but can be set in other ways.
To set the [project] attribute: provide the argument [repository] on the command
line with a fully specified name; set the property [core/project]; provide the
argument [--project] on the command line. This must be specified.
- ID of the repository or fully qualified identifier for the repository. This positional must be specified if any of the other arguments in this group are specified.
- Location of the repository. Overrides the default artifacts/location property value for this command invocation. To configure the default location, use the command: gcloud config set artifacts/location.
- Repository resource - Name of the Artifact Registry repository. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the [project] attribute: provide the argument [repository] on the command line with a fully specified name; set the property [core/project]; provide the argument [--project] on the command line. This must be specified.
- REQUIRED FLAGS
The member to remove the binding for. Should be of the form
Can also be one of the following special values:
allUsers- Special identifier that represents anyone who is on the internet, with or without a Google account.
allAuthenticatedUsers- Special identifier that represents anyone who is authenticated with a Google account or a service account.
- The role to remove the member from.
- OPTIONAL FLAGS
At most one of these may be specified:
- Remove all bindings with this role and member, irrespective of any conditions.
Condition of the binding to be removed. When condition is explicitly specified
None(e.g. --condition=None), it matches a binding without a condition. Otherwise, only the binding with a condition which exactly matches the specified condition (including the optional description) will be removed.
- (Required) Expression of the condition which evaluates to True or False. This uses a subset of Common Expression Language syntax.
- (Required) Title for the expression, i.e. a short string describing its purpose.
(Optional) Description for the expression. This is a longer text which describes
NOTE: An unsatisfied condition will not allow access via this binding.
Path to a local JSON or YAML file that defines the condition. To see available
fields, see the help for
- At most one of these may be specified:
- GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account,
--log-http, --project, --quiet, --trace-token, --user-output-enabled,
$ gcloud helpfor details.
- API REFERENCE
This command uses the
artifactregistry/v1beta1API. The full documentation for this API can be found at: https://cloud.google.com/artifacts/docs/
To remove an IAM policy binding for the role of 'roles/editor' for the user
'email@example.com' with repository 'my-repo', run:
$ gcloud alpha artifacts repositories remove-iam-policy-binding \ my-repo --member='user:firstname.lastname@example.org' \ --role='roles/editor'
See https://cloud.google.com/iam/docs/managing-policies for details of policy role and member types.
- This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you may be trying to access an API with an invitation-only early access whitelist.
Last updated 2020-02-04.