gcloud alpha pam grants withdraw

NAME
gcloud alpha pam grants withdraw - withdraw a Privileged Access Manager grant
SYNOPSIS
gcloud alpha pam grants withdraw (GRANT : --entitlement=ENTITLEMENT --folder=FOLDER --location=LOCATION --organization=ORGANIZATION) [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Withdraw a Privileged Access Manager (PAM) grant.
EXAMPLES
The following command withdraws a grant with the full name GRANT_NAME: 
gcloud alpha pam grants withdraw GRANT_NAME
POSITIONAL ARGUMENTS
Grant resource - Name of the grant to withdraw. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument grant on the command line with a fully specified name;
  • provide the argument --project on the command line;
  • set the property core/project. This resource can be one of the following types: [privilegedaccessmanager.projects.locations.entitlements.grants, privilegedaccessmanager.folders.locations.entitlements.grants, privilegedaccessmanager.organizations.locations.entitlements.grants].

This must be specified.

GRANT
ID of the grant or fully qualified identifier for the grant.

To set the grant attribute:

  • provide the argument grant on the command line.

This positional argument must be specified if any of the other arguments in this group are specified.

--entitlement=ENTITLEMENT
The entitlement id

To set the entitlement attribute:

  • provide the argument grant on the command line with a fully specified name;
  • provide the argument --entitlement on the command line.
--folder=FOLDER
The name of the folder

To set the folder attribute:

  • provide the argument grant on the command line with a fully specified name;
  • provide the argument --folder on the command line. Must be specified for resource of type [privilegedaccessmanager.folders.locations.entitlements.grants].
--location=LOCATION
The resource location

To set the location attribute:

  • provide the argument grant on the command line with a fully specified name;
  • provide the argument --location on the command line.
--organization=ORGANIZATION
The name of the organization

To set the organization attribute:

  • provide the argument grant on the command line with a fully specified name;
  • provide the argument --organization on the command line. Must be specified for resource of type [privilegedaccessmanager.organizations.locations.entitlements.grants].
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

API REFERENCE
This command uses the privilegedaccessmanager/v1alpha API. The full documentation for this API can be found at: https://cloud.google.com/iam/docs/pam-overview
NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. This variant is also available: 
gcloud beta pam grants withdraw