Stay organized with collections
Save and categorize content based on your preferences.
This document explains how to delete realms and attachments. After you create
a realm, you can't edit it. If you want to make changes to the realm, you must
delete it and create a new realm.
Additionally, make sure that the API credentials you stored in
Secret Manager when you created the realm are still valid. If the credentials aren't valid, create and
upload a new API key.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["# Delete realms and attachments\n\n| **Preview**\n|\n|\n| This feature is subject to the \"Pre-GA Offerings Terms\" in the General Service Terms section\n| of the [Service Specific Terms](/terms/service-terms#1).\n|\n| Pre-GA features are available \"as is\" and might have limited support.\n|\n| For more information, see the\n| [launch stage descriptions](/products#product-launch-stages).\n\nThis document explains how to delete realms and attachments. After you create\na realm, you can't edit it. If you want to make changes to the realm, you must\ndelete it and create a new realm.\n\nRequired roles\n--------------\n\n- For all SSE providers: \n\n\n To get the permissions that\n you need to delete realms and attachments,\n\n ask your administrator to grant you the\n\n\n [Compute Network Admin](/iam/docs/roles-permissions/compute#compute.networkAdmin) (`roles/compute.networkAdmin`)\n IAM role on the project.\n\n\n For more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n\n You might also be able to get\n the required permissions through [custom\n roles](/iam/docs/creating-custom-roles) or other [predefined\n roles](/iam/docs/roles-overview#predefined).\n- For Symantec Cloud SWG: \n\n\n To ensure that [Network Security Service Account](/iam/docs/service-agents#network-security-service-account) has the necessary\n permissions to delete attachments and their corresponding Symantec locations,\n\n ask your administrator to grant [Network Security Service Account](/iam/docs/service-agents#network-security-service-account) the\n\n\n [Secret Manager Secret Accessor](/iam/docs/roles-permissions/secretmanager#secretmanager.secretAccessor) (`roles/secretmanager.secretAccessor`)\n IAM role on the project.\n\n\n | **Important:** You must grant this role to [Network Security Service Account](/iam/docs/service-agents#network-security-service-account), *not* to your user account. Failure to grant the role to the correct principal might result in permission errors.\n For more information about granting roles, see [Manage access to projects, folders, and organizations](/iam/docs/granting-changing-revoking-access).\n\n \u003cbr /\u003e\n\n\n Your administrator might also be able to give [Network Security Service Account](/iam/docs/service-agents#network-security-service-account)\n the required permissions through [custom\n roles](/iam/docs/creating-custom-roles) or other [predefined\n roles](/iam/docs/roles-overview#predefined).\n\n Additionally, make sure that the API credentials you stored in\n Secret Manager when you [created the realm](/secure-access-connect/docs/create-realms#create-realm) are still valid. If the credentials aren't valid, create and\n upload a new API key.\n\nDelete attachments\n------------------\n\nTo delete attachments, do the following.\n**Note:** If you use Symantec Cloud SWG, deleting an attachment also deletes the Symantec location that is connected to the attachment. \n\n### gcloud\n\nRun the\n[`gcloud beta network-security secure-access-connect attachments delete` command](/sdk/gcloud/reference/beta/network-security/secure-access-connect/attachments/delete): \n\n gcloud beta network-security secure-access-connect attachments delete \u003cvar translate=\"no\"\u003eATTACHMENT_ID\u003c/var\u003e \\\n --project=\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e \\\n --location=\u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eATTACHMENT_ID\u003c/var\u003e: the attachment ID\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the project that contains the attachment\n- \u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e: the region where the attachment is located\n\n### API\n\nUse the [`projects.locations.sacAttachments.delete` method](/secure-access-connect/docs/reference/network-security/rest/v1beta1/projects.locations.sacAttachments/delete) \n\n DELETE https://networksecurity.googleapis.com/v1beta1/{name=project/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/locations/\u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e}/sacAttachments/\u003cvar translate=\"no\"\u003eATTACHMENT_ID\u003c/var\u003e\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the project that contains the attachment\n- \u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e: the region where the attachment is located\n- \u003cvar translate=\"no\"\u003eATTACHMENT_ID\u003c/var\u003e: the attachment ID\n\nDelete realms\n-------------\n\nYou must delete all attachments before you can delete a realm. To delete a\nrealm, do the following. \n\n### gcloud\n\nRun the\n[`gcloud beta network-security secure-access-connect realms delete` command](/sdk/gcloud/reference/beta/network-security/secure-access-connect/realms/delete): \n\n gcloud beta network-security secure-access-connect realms delete \u003cvar translate=\"no\"\u003eREALM_ID\u003c/var\u003e \\\n --project=\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eREALM_ID\u003c/var\u003e: the realm ID\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the project that contains the realm\n\n### API\n\nUse the [`projects.locations.sacRealms.delete` method](/secure-access-connect/docs/reference/network-security/rest/v1beta1/projects.locations.sacRealms/delete) \n\n DELETE https://networksecurity.googleapis.com/v1beta1/project/\u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e/locations/global/sacRealms/\u003cvar translate=\"no\"\u003eREALM_ID\u003c/var\u003e\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: the project that contains the realm\n- \u003cvar translate=\"no\"\u003eREALM_ID\u003c/var\u003e: the realm ID"]]
