This document explains how to delete realms and attachments. After you create a realm, you can't edit it. If you want to make changes to the realm, you must delete it and create a new realm.
Required roles
- For all SSE providers:
To get the permissions that you need to delete realms and attachments, ask your administrator to grant you the Compute Network Admin (
roles/compute.networkAdmin) IAM role on the project. For more information about granting roles, see Manage access to projects, folders, and organizations.You might also be able to get the required permissions through custom roles or other predefined roles.
- For Symantec Cloud SWG:
To ensure that Network Security Service Account has the necessary permissions to delete attachments and their corresponding Symantec locations, ask your administrator to grant Network Security Service Account the Secret Manager Secret Accessor (
roles/secretmanager.secretAccessor) IAM role on the project. For more information about granting roles, see Manage access to projects, folders, and organizations.Your administrator might also be able to give Network Security Service Account the required permissions through custom roles or other predefined roles.
Additionally, make sure that the API credentials you stored in Secret Manager when you created the realm are still valid. If the credentials aren't valid, create and upload a new API key.
Delete attachments
To delete attachments, do the following.
gcloud
Run the
gcloud beta network-security secure-access-connect attachments delete command:
gcloud beta network-security secure-access-connect attachments delete ATTACHMENT_ID \
--project=PROJECT_ID \
--location=REGION
Replace the following:
ATTACHMENT_ID: the attachment IDPROJECT_ID: the project that contains the attachmentREGION: the region where the attachment is located
API
Use the projects.locations.sacAttachments.delete method
DELETE https://networksecurity.googleapis.com/v1beta1/{name=project/PROJECT_ID/locations/REGION}/sacAttachments/ATTACHMENT_ID
Replace the following:
PROJECT_ID: the project that contains the attachmentREGION: the region where the attachment is locatedATTACHMENT_ID: the attachment ID
Delete realms
You must delete all attachments before you can delete a realm. To delete a realm, do the following.
gcloud
Run the
gcloud beta network-security secure-access-connect realms delete command:
gcloud beta network-security secure-access-connect realms delete REALM_ID \
--project=PROJECT_ID
Replace the following:
REALM_ID: the realm IDPROJECT_ID: the project that contains the realm
API
Use the projects.locations.sacRealms.delete method
DELETE https://networksecurity.googleapis.com/v1beta1/project/PROJECT_ID/locations/global/sacRealms/REALM_ID
Replace the following:
PROJECT_ID: the project that contains the realmREALM_ID: the realm ID