Remove a role from a member in an organization. The member can be either a human user or a service account.
EXAMPLES
To remove the role "pr-test-role" for user "test-user@example.com" with IdP prefix "fop" in organization "org-1", run:
gdcloud organizations remove-iam-policy-binding org-1 --role=pr-test-role --member=user:fop-test-user@example.com
To remove the role "pr-test-role" for service account "test-sa" of project "test-sa-project" in the organization "org-1", run:
gdcloud organizations remove-iam-policy-binding org-1 --role=pr-test-role --member=serviceAccount:test-sa-project:test-sa
REQUIRED FLAGS
--member string The member to remove the binding for, defined by either user:EMAIL or serviceAccount:SERVICE_ACCOUNT_PROJECT:SERVICE_ACCOUNT_NAME. The email must contain the IdP prefix for the user.
--role string Role name to be removed from the member.
GDCLOUD WIDE FLAGS
These flags are available to all commands: --configuration, --format, --help, --project, --quiet.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis command \u003ccode\u003egdcloud organizations remove-iam-policy-binding\u003c/code\u003e removes a specific role from a designated member within an organization.\u003c/p\u003e\n"],["\u003cp\u003eThe member can be a human user, specified by their email with an IdP prefix, or a service account, defined by the project and account name.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003e--member\u003c/code\u003e flag specifies the user or service account, while the \u003ccode\u003e--role\u003c/code\u003e flag identifies the role to be removed.\u003c/p\u003e\n"],["\u003cp\u003eUsers can run the command to remove a role for a human user or a service account by following the provided example format and command structure.\u003c/p\u003e\n"],["\u003cp\u003eSeveral other flags are provided at the command line level such as \u003ccode\u003e--configuration\u003c/code\u003e, \u003ccode\u003e--format\u003c/code\u003e, \u003ccode\u003e--help\u003c/code\u003e, \u003ccode\u003e--project\u003c/code\u003e, \u003ccode\u003e--quiet\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# gdcloud organizations remove-iam-policy-binding\n\nNAME\n----\n\ngdcloud organizations remove-iam-policy-binding - Remove a role from a member in an organization\n\nSYNOPSIS\n--------\n\n gdcloud organizations remove-iam-policy-binding ORGANIZATION_ID [flags]\n\nDESCRIPTION\n-----------\n\nRemove a role from a member in an organization. The member can be either a human user or a service account.\n\n### EXAMPLES\n\n\n To remove the role \"pr-test-role\" for user \"test-user@example.com\" with IdP prefix \"fop\" in organization \"org-1\", run:\n\n gdcloud organizations remove-iam-policy-binding org-1 --role=pr-test-role --member=user:fop-test-user@example.com\n\n To remove the role \"pr-test-role\" for service account \"test-sa\" of project \"test-sa-project\" in the organization \"org-1\", run:\n\n gdcloud organizations remove-iam-policy-binding org-1 --role=pr-test-role --member=serviceAccount:test-sa-project:test-sa\n\n### REQUIRED FLAGS\n\n --member string The member to remove the binding for, defined by either user:EMAIL or serviceAccount:SERVICE_ACCOUNT_PROJECT:SERVICE_ACCOUNT_NAME. The email must contain the IdP prefix for the user.\n --role string Role name to be removed from the member.\n\n### GDCLOUD WIDE FLAGS\n\nThese flags are available to all commands: `--configuration`, `--format`, `--help`, `--project`, `--quiet`.\n\nFor more information, see the [gdcloud CLI reference overview](/distributed-cloud/hosted/docs/latest/gdch/resources/gdcloud-reference/gdcloud) page."]]
