File: //snap/google-cloud-cli/396/help/man/man1/gcloud_organizations_remove-iam-policy-binding.1
.TH "GCLOUD_ORGANIZATIONS_REMOVE\-IAM\-POLICY\-BINDING" 1
.SH "NAME"
.HP
gcloud organizations remove\-iam\-policy\-binding \- remove IAM policy binding for an organization
.SH "SYNOPSIS"
.HP
\f5gcloud organizations remove\-iam\-policy\-binding\fR \fIORGANIZATION\fR \fB\-\-member\fR=\fIPRINCIPAL\fR \fB\-\-role\fR=\fIROLE\fR [\fB\-\-all\fR\ |\ \fB\-\-condition\fR=[\fIKEY\fR=\fIVALUE\fR,...]\ |\ \fB\-\-condition\-from\-file\fR=\fIPATH_TO_FILE\fR] [\fIGCLOUD_WIDE_FLAG\ ...\fR]
.SH "DESCRIPTION"
Removes a policy binding from the IAM policy of an organization, given an
organization ID and the binding. One binding consists of a member, a role, and
an optional condition.
.SH "EXAMPLES"
To remove an IAM policy binding for the role of 'roles/editor' for the user
\'test\-user@gmail.com' on the organization with identifier
\'example\-organization\-id\-1', run:
.RS 2m
$ gcloud organizations remove\-iam\-policy\-binding \e
example\-organization\-id\-1 \-\-member='user:test\-user@gmail.com' \e
\-\-role='roles/editor'
.RE
To remove an IAM policy binding for the role of 'roles/editor' from all
authenticated users on the organization 'example\-organization\-id\-1', run:
.RS 2m
$ gcloud organizations remove\-iam\-policy\-binding \e
example\-organization\-id\-1 \-\-member='allAuthenticatedUsers' \e
\-\-role='roles/editor'
.RE
To remove an IAM policy binding with a condition of expression='request.time <
timestamp("2019\-01\-01T00:00:00Z")', title='expires_end_of_2018', and
description='Expires at midnight on 2018\-12\-31' for the role of
\'roles/browser' for the user 'test\-user@gmail.com' on the organization with
identifier 'example\-organization\-id\-1', run:
.RS 2m
$ gcloud organizations remove\-iam\-policy\-binding \e
example\-organization\-id\-1 \-\-member='user:test\-user@gmail.com' \e
\-\-role='roles/browser' \e
\-\-condition='expression=request.time < timestamp("2019\-01\-01T00:00:00Z"),title=expires_end_of_2018,description=Expires at midnight on 2018\-12\-31'
.RE
To remove all IAM policy bindings regardless of the condition for the role of
\'roles/browser' and for the user 'test\-user@gmail.com' on the organization with
identifier 'example\-organization\-id\-1', run:
.RS 2m
$ gcloud organizations remove\-iam\-policy\-binding \e
example\-organization\-id\-1 \-\-member='user:test\-user@gmail.com' \e
\-\-role='roles/browser' \-\-all
.RE
See https://cloud.google.com/iam/docs/managing\-policies for details of policy
role and member types.
.SH "POSITIONAL ARGUMENTS"
.RS 2m
.TP 2m
Organization resource \- The organization from which to remove the IAM policy
binding. This represents a Cloud resource.
This must be specified.
.RS 2m
.TP 2m
\fIORGANIZATION\fR
ID of the organization or fully qualified identifier for the organization.
To set the \f5organization\fR attribute:
.RS 2m
.IP "\(bu" 2m
provide the argument \f5organization\fR on the command line.
.RE
.sp
.RE
.RE
.sp
.SH "REQUIRED FLAGS"
.RS 2m
.TP 2m
\fB\-\-member\fR=\fIPRINCIPAL\fR
The principal to remove the binding for. Should be of the form
\f5user|group|serviceAccount:email\fR or \f5domain:domain\fR.
Examples: \f5user:test\-user@gmail.com\fR, \f5group:admins@example.com\fR,
\f5serviceAccount:test123@example.domain.com\fR, or
\f5domain:example.domain.com\fR.
Deleted principals have an additional \f5deleted:\fR prefix and a \f5?uid=UID\fR
suffix, where \f5\fIUID\fR\fR is a unique identifier for the principal. Example:
\f5deleted:user:test\-user@gmail.com?uid=123456789012345678901\fR.
Some resources also accept the following special values:
.RS 2m
.IP "\(em" 2m
\f5allUsers\fR \- Special identifier that represents anyone who is on the
internet, with or without a Google account.
.IP "\(em" 2m
\f5allAuthenticatedUsers\fR \- Special identifier that represents anyone who is
authenticated with a Google account or a service account.
.RE
.sp
.TP 2m
\fB\-\-role\fR=\fIROLE\fR
The role to remove the principal from.
.RE
.sp
.SH "OPTIONAL FLAGS"
.RS 2m
.TP 2m
At most one of these can be specified:
.RS 2m
.TP 2m
\fB\-\-all\fR
Remove all bindings with this role and principal, irrespective of any
conditions.
.TP 2m
\fB\-\-condition\fR=[\fIKEY\fR=\fIVALUE\fR,...]
The condition of the binding that you want to remove. When the condition is
explicitly specified as \f5None\fR (\f5\-\-condition=None\fR), a binding without
a condition is removed. Otherwise, only a binding with a condition that exactly
matches the specified condition (including the optional description) is removed.
For more on conditions, refer to the conditions overview guide:
https://cloud.google.com/iam/docs/conditions\-overview
When using the \f5\-\-condition\fR flag, include the following key\-value pairs:
.RS 2m
.TP 2m
\fBexpression\fR
(Required) Condition expression that evaluates to True or False. This uses a
subset of Common Expression Language syntax.
If the condition expression includes a comma, use a different delimiter to
separate the key\-value pairs. Specify the delimiter before listing the
key\-value pairs. For example, to specify a colon (\f5:\fR) as the delimiter, do
the following: \f5\-\-condition=^:^title=TITLE:expression=EXPRESSION\fR. For
more information, see
https://cloud.google.com/sdk/gcloud/reference/topic/escaping.
.TP 2m
\fBtitle\fR
(Required) A short string describing the purpose of the expression.
.TP 2m
\fBdescription\fR
(Optional) Additional description for the expression.
.RE
.sp
.TP 2m
\fB\-\-condition\-from\-file\fR=\fIPATH_TO_FILE\fR
Path to a local JSON or YAML file that defines the condition. To see available
fields, see the help for \f5\-\-condition\fR. Use a full or relative path to a
local file containing the value of the condition.
.RE
.RE
.sp
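Added example, not part of the gcloud documentation or gcloud's own code: a
Python dry run of the matching rules described above for \f5\-\-all\fR,
\f5\-\-condition=None\fR and an exact\-match \f5\-\-condition\fR, applied to a
constructed policy in IAM's JSON shape. The names \f5SAMPLE_POLICY\fR,
\f5cond_key\fR and \f5preview_removal\fR are hypothetical; treating a missing
description as empty and dropping a binding left with no members are assumptions.

```python
import copy

# Constructed sample shaped like an exported IAM policy; not real data.
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/browser", "members": ["user:test-user@gmail.com"]},
    {"role": "roles/browser",
     "members": ["user:test-user@gmail.com", "group:admins@example.com"],
     "condition": {
         "expression": 'request.time < timestamp("2019-01-01T00:00:00Z")',
         "title": "expires_end_of_2018",
         "description": "Expires at midnight on 2018-12-31"}},
    {"role": "roles/editor", "members": ["allAuthenticatedUsers"]},
]}


def cond_key(cond):
    """Reduce a condition to a comparable tuple; None means no condition."""
    if not cond:
        return None
    # Assumption: a missing description compares equal to an empty one.
    return (cond["expression"], cond["title"], cond.get("description", ""))


def preview_removal(policy, member, role, condition=None, remove_all=False):
    """Return (new_policy, touched) without modifying the input policy.

    condition=None models --condition=None (the unconditional binding) and
    remove_all=True models --all. The touched list holds the condition key
    of every binding the member was removed from.
    """
    wanted = cond_key(condition)
    result = copy.deepcopy(policy)
    touched, kept = [], []
    for binding in result.get("bindings", []):
        key = cond_key(binding.get("condition"))
        if (binding["role"] == role and member in binding["members"]
                and (remove_all or key == wanted)):
            binding["members"].remove(member)
            touched.append(key)
        if binding["members"]:  # assumption: an emptied binding is dropped
            kept.append(binding)
    result["bindings"] = kept
    return result, touched
```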
.SH "GCLOUD WIDE FLAGS"
These flags are available to all commands: \-\-access\-token\-file, \-\-account,
\-\-billing\-project, \-\-configuration, \-\-flags\-file, \-\-flatten,
\-\-format, \-\-help, \-\-impersonate\-service\-account, \-\-log\-http,
\-\-project, \-\-quiet, \-\-trace\-token, \-\-user\-output\-enabled,
\-\-verbosity.
Run \fB$ gcloud help\fR for details.
.SH "API REFERENCE"
This command uses the \fBcloudresourcemanager/v1\fR API. The full documentation
for this API can be found at: https://cloud.google.com/resource\-manager
.SH "NOTES"
These variants are also available:
.RS 2m
$ gcloud alpha organizations remove\-iam\-policy\-binding
.RE
.RS 2m
$ gcloud beta organizations remove\-iam\-policy\-binding
.RE