NAME
    gcloud beta gemini cloud-assist investigations remove-iam-policy-binding -
        removes an IAM policy binding from an investigation

SYNOPSIS
    gcloud beta gemini cloud-assist investigations remove-iam-policy-binding
        INVESTIGATION --member=PRINCIPAL --role=ROLE [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    (BETA) Removes an IAM policy binding from an investigation.

EXAMPLES
    To remove an IAM policy binding for the role of
    'roles/geminicloudassist.investigationUser' for the user
    'test-user@gmail.com' from the investigation
    'project/my-project/locations/my-location/investigations/my-investigation',
    run:

        $ gcloud beta gemini cloud-assist investigations \
            remove-iam-policy-binding \
            project/my-project/locations/my-location/investigations/\
        my-investigation --member='user:test-user@gmail.com' \
            --role='roles/geminicloudassist.investigations.user'

    See https://cloud.google.com/iam/docs/managing-policies for details of
    policy role and member types.

POSITIONAL ARGUMENTS
     Investigation resource - The investigation name to remove IAM policy
     binding from. This represents a Cloud resource. (NOTE) Some attributes are
     not given arguments in this group but can be set in other ways.

     To set the project attribute:
      ◆ provide the argument investigation on the command line with a fully
        specified name;
      ◆ provide the argument --project on the command line;
      ◆ set the property core/project.

     To set the location attribute:
      ◆ provide the argument investigation on the command line with a fully
        specified name;
      ◆ The default is global.

     This must be specified.

       INVESTIGATION
          ID of the investigation or fully qualified identifier for the
          investigation.

          To set the investigation attribute:
          ▸ provide the argument investigation on the command line.

REQUIRED FLAGS
     --member=PRINCIPAL
        The principal to add the binding for. Should be of the form
        user|group|serviceAccount:email or domain:domain.

        Examples: user:test-user@gmail.com, group:admins@example.com,
        serviceAccount:test123@example.domain.com, or
        domain:example.domain.com.

        Some resources also accept the following special values:
        ◆ allUsers - Special identifier that represents anyone who is on the
          internet, with or without a Google account.
        ◆ allAuthenticatedUsers - Special identifier that represents anyone
          who is authenticated with a Google account or a service account.

     --role=ROLE
        Role name to assign to the principal. The role name is the complete
        path of a predefined role, such as roles/logging.viewer, or the role ID
        for a custom role, such as
        organizations/{ORGANIZATION_ID}/roles/logging.viewer.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    This command is currently in beta and might change without notice.

