Removing context-based restrictions
By removing context-based restrictions, you delete restrictions that are defined by the contexts in a rule. Deleting rules removes context-based restrictions from the given resource, and requests from any context are allowed if the user has the correct permissions.
Removing a rule
You can remove a rule on your cloud resources by completing the following steps:
- In the IBM Cloud console, go to Manage > Context-based restrictions, and select Rules.
- Click the Actions icon in the row that contains the rule, and click Remove.
Removing a rule by using the CLI
You can remove a rule on your cloud resources by completing the following steps:
-
Retrieve the rule ID for the rule that you want to delete by using the context-based restrictions rules command. You can narrow the results of the list by specifying attributes as command options.
ibmcloud cbr rules --serviceName "iam-identity"
-
Delete the rule for the specified rule ID by using the cbr rule-delete command.
ibmcloud cbr rule-delete 30fd58c9b75f40e854b89c432318b4a2
Removing a rule by using the API
You can remove a rule on your cloud resources by completing the following steps:
-
Retrieve the rule ID for the rule that you want to delete by using the context-based-restrictions list rules method.
curl -X GET --location --header "Authorization: Bearer {iam_token}" --header "Accept: application/json" "{base_url}/v1/rules?account_id={account_id}"
ListRulesOptions listRulesOptions = new ListRulesOptions.Builder() .accountId("testString") .build(); Response<OutRulePage> response = contextBasedRestrictionsService.listRules(listRulesOptions).execute(); OutRulePage outRulePage = response.getResult(); System.out.println(outRulePage);
const params = { accountId: 'testString', }; contextBasedRestrictionsService.listRules(params) .then(res => { console.log(JSON.stringify(res.result, null, 2)); }) .catch(err => { console.warn(err) });
out_rule_page = context_based_restrictions_service.list_rules( account_id='testString' ).get_result() print(json.dumps(out_rule_page, indent=2))
listRulesOptions := contextBasedRestrictionsService.NewListRulesOptions( "testString", ) ruleList, response, err := contextBasedRestrictionsService.ListRules(listRulesOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(ruleList, "", " ") fmt.Println(string(b))
-
Delete the rule for the specified rule ID.
curl -X DELETE --location --header "Authorization: Bearer {iam_token}" "{base_url}/v1/rules/{rule_id}"
DeleteRuleOptions deleteRuleOptions = new DeleteRuleOptions.Builder() .ruleId("testString") .build(); Response<Void> response = contextBasedRestrictionsService.deleteRule(deleteRuleOptions).execute();
const params = { ruleId: 'testString', }; contextBasedRestrictionsService.deleteRule(params) .then(res => { done(); }) .catch(err => { console.warn(err) });
response = context_based_restrictions_service.delete_rule( rule_id='testString' )
deleteRuleOptions := contextBasedRestrictionsService.NewDeleteRuleOptions( "testString", ) response, err := contextBasedRestrictionsService.DeleteRule(deleteRuleOptions) if err != nil { panic(err) } if response.StatusCode != 204 { fmt.Printf("\nUnexpected response status code received from DeleteRule(): %d\n", response.StatusCode) }
Removing a network zone
Removing a network zone removes the set of allowed network locations from which an access request is created. If a network zone is added to a rule, you first have to remove the zone from the rule. See Updating context-based restrictions for more information about removing a zone from a rule. Then, complete the following steps:
- In the IBM Cloud console, go to Manage > Context-based restrictions, and select Network zones.
- Click the Actions icon in the row that contains the network zone, and click Remove.
Removing a network zone by using the CLI
Removing a network zone removes the set of allowed network locations from which an access request is created. If a network zone is added to a rule, you first have to remove the zone from the rule. For more information about removing a zone from a rule, see Updating context-based restrictions . Then, complete the following steps:
-
Retrieve the zone ID for the network zone that you want to delete by using the contxt-based restrictions zones command. You can narrow the results of the list by specifying the name of the zone.
ibmcloud cbr zones --name "Example zone"
-
Delete the network zone for the specified zone ID by using the cbr zone-delete command.
ibmcloud cbr zone-delete 65810ac762004f22ac19f8f8edf70a34
Removing a network zone by using the API
Removing a network zone removes the set of allowed network locations from which an access request is created. If a network zone is added to a rule, you first have to remove the zone from the rule. See Updating context-based restrictions for more information about removing a zone from a rule. Then, complete the following steps:
-
Retrieve the rule ID for the rule that you want to delete by using the Context-based restrictions list zones method.
curl -X GET --location --header "Authorization: Bearer {iam_token}" --header "Accept: application/json" "{base_url}/v1/zones?account_id={account_id}"
ListZonesOptions listZonesOptions = new ListZonesOptions.Builder() .accountId("testString") .build(); Response<OutZonePage> response = contextBasedRestrictionsService.listZones(listZonesOptions).execute(); OutZonePage outZonePage = response.getResult(); System.out.println(outZonePage);
const params = { accountId: 'testString', }; contextBasedRestrictionsService.listZones(params) .then(res => { console.log(JSON.stringify(res.result, null, 2)); }) .catch(err => { console.warn(err) });
out_zone_page = context_based_restrictions_service.list_zones( account_id='testString' ).get_result() print(json.dumps(out_zone_page, indent=2))
listZonesOptions := contextBasedRestrictionsService.NewListZonesOptions( "testString", ) outZonePage, response, err := contextBasedRestrictionsService.ListZones(listZonesOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(outZonePage, "", " ") fmt.Println(string(b))
-
Delete the network zone for the specified zone ID.
curl -X DELETE --location --header "Authorization: Bearer {iam_token}" "{base_url}/v1/zones/{zone_id}"
DeleteZoneOptions deleteZoneOptions = new DeleteZoneOptions.Builder() .zoneId("testString") .build(); Response<Void> response = contextBasedRestrictionsService.deleteZone(deleteZoneOptions).execute();
const params = { zoneId: 'testString', }; contextBasedRestrictionsService.deleteZone(params) .then(res => { done(); }) .catch(err => { console.warn(err) });
response = context_based_restrictions_service.delete_zone( zone_id='testString' )
deleteZoneOptions := contextBasedRestrictionsService.NewDeleteZoneOptions( "testString", ) response, err := contextBasedRestrictionsService.DeleteZone(deleteZoneOptions) if err != nil { panic(err) } if response.StatusCode != 204 { fmt.Printf("\nUnexpected response status code received from DeleteZone(): %d\n", response.StatusCode) }