NAME

gcloud ai-platform models remove-iam-policy-binding - remove IAM policy binding for a model

SYNOPSIS

gcloud ai-platform models remove-iam-policy-binding MODEL --member=PRINCIPAL --role=ROLE [--region=REGION] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

Removes a policy binding from an AI Platform Model. One binding consists of a member, a role and an optional condition. See $ gcloud ai-platform models get-iam-policy for examples of how to specify a model resource.

EXAMPLES

To remove an IAM policy binding for the role of 'roles/ml.admin' for the user 'test-user@gmail.com' on model with identifier 'my_model', run:

$ gcloud ai-platform models remove-iam-policy-binding my_model \ --member='user:test-user@gmail.com' --role='roles/ml.admin'

To remove an IAM policy binding for the role of 'roles/ml.admin' from all authenticated users on model 'my_model', run:

$ gcloud ai-platform models remove-iam-policy-binding my_model \ --member='allAuthenticatedUsers' --role='roles/ml.admin'

See https://cloud.google.com/iam/docs/managing-policies for details of policy role and principal types.

POSITIONAL ARGUMENTS

Model resource - The AI Platform model for which to remove IAM policy binding

from. This represents a Cloud resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:

provide the argument model on the command line with a fully specified name;

provide the argument --project on the command line;

set the property core/project.

This must be specified.

MODEL

ID of the model or fully qualified identifier for the model. To set the name attribute:

  • provide the argument model on the command line.

REQUIRED FLAGS

--member=PRINCIPAL

The principal to remove the binding for. Should be of the form user|group|serviceAccount:email or domain:domain.

Examples: user:test-user@gmail.com, group:admins@example.com, serviceAccount:test123@example.domain.com, or domain:example.domain.com.

Deleted principals have an additional deleted: prefix and a ?uid=UID suffix, where UID is a unique identifier for the principal. Example: deleted:user:test-user@gmail.com?uid=123456789012345678901.

Some resources also accept the following special values:

allUsers - Special identifier that represents anyone who is on the internet, with or without a Google account.

allAuthenticatedUsers - Special identifier that represents anyone who is authenticated with a Google account or a service account.

--role=ROLE

The role to remove the principal from.

OPTIONAL FLAGS

--region=REGION

Google Cloud region of the regional endpoint to use for this command. For the global endpoint, the region needs to be specified as global.

Learn more about regional endpoints and see a list of available regions: https://cloud.google.com/ai-platform/prediction/docs/regional-endpoints

REGION must be one of: global, asia-east1, asia-northeast1, asia-southeast1, australia-southeast1, europe-west1, europe-west2, europe-west3, europe-west4, northamerica-northeast1, us-central1, us-east1, us-east4, us-west1.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

These variants are also available:

$ gcloud alpha ai-platform models remove-iam-policy-binding

$ gcloud beta ai-platform models remove-iam-policy-binding