gcloud ai-platform models remove-iam-policy-binding - remove IAM policy binding for a model
gcloud ai-platform models remove-iam-policy-binding MODEL --member=PRINCIPAL --role=ROLE [--region=REGION] [GCLOUD_WIDE_FLAG ...]
Removes a policy binding from an AI Platform Model. One binding consists of a member, a role and an optional condition. See $ gcloud ai-platform models get-iam-policy for examples of how to specify a model resource.
To remove an IAM policy binding for the role of 'roles/ml.admin' for the user 'test-user@gmail.com' on model with identifier 'my_model', run:
$ gcloud ai-platform models remove-iam-policy-binding my_model \ --member='user:test-user@gmail.com' --role='roles/ml.admin'
To remove an IAM policy binding for the role of 'roles/ml.admin' from all authenticated users on model 'my_model', run:
$ gcloud ai-platform models remove-iam-policy-binding my_model \ --member='allAuthenticatedUsers' --role='roles/ml.admin'
See https://cloud.google.com/iam/docs/managing-policies for details of policy role and principal types.
- Model resource - The AI Platform model for which to remove IAM policy binding
from. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument model on the command line with a fully specified name;
- —
provide the argument --project on the command line;
- —
set the property core/project.
This must be specified.
- MODEL
ID of the model or fully qualified identifier for the model. To set the name attribute:
provide the argument model on the command line.
- --member=PRINCIPAL
The principal to remove the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.
Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.
Deleted principals have an additional deleted: prefix and a ?uid=UID suffix, where UID is a unique identifier for the principal. Example: deleted:user:test-user@gmail.com?uid=123456789012345678901.
Some resources also accept the following special values:
- —
allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.
- —
allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.
- --role=ROLE
The role to remove the principal from.
- --region=REGION
Google Cloud region of the regional endpoint to use for this command. For the global endpoint, the region needs to be specified as global.
Learn more about regional endpoints and see a list of available regions: https://cloud.google.com/ai-platform/prediction/docs/regional-endpoints
REGION must be one of: global, asia-east1, asia-northeast1, asia-southeast1, australia-southeast1, europe-west1, europe-west2, europe-west3, europe-west4, northamerica-northeast1, us-central1, us-east1, us-east4, us-west1.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha ai-platform models remove-iam-policy-binding
$ gcloud beta ai-platform models remove-iam-policy-binding