Removing access to a file share from other accounts

When you no longer want to allow another account or service to have access to your file share data, you can revoke their access at any time. To revoke access, first remove the IAM authorization. Removal of the IAM authorization prevents the other account or service from creating another accessor share and mount target. Then, delete the binding that connects the origin file share to the accessor shares. This action severs the network path, and puts the accessor share and the mount target that is attached to the accessor share in a failed state.

A failed accessor share and its associated mount targets can't become stable again and can't be reused. The accessor account can and needs to delete these resources.

Removing authorization

Removing an authorization in the console Removing an authorization by using the CLI Removing an authorization by using the API Removing an authorization by using Terraform

Deleting the bindings

Select a file share from the list of file shares.
On the File share details page, scroll to the Accessor share bindings section to locate the binding that you want to delete.
At the end of the row of the binding, click the Actions icon and select Delete.

You can delete a share binding by using the is share-binding-delete command. See the following example.

ibmcloud is share-accessor-binding-delete SHARE ACCESSOR_BINDING

You can programmatically delete a share binding by calling the /shares method in the VPC API as shown in the following sample request.

curl -X DELETE "$vpc_api_endpoint/v1/shares/v1/shares/$share_id/bindings/$binding_id?version=2024-06-21&generation=2"

If you want to remove a binding by using Terraform, you need to delete the ibm_is_share_binding resource. You can use the terraform destroy command to conveniently destroy a remote object such as a single binding resource.

terraform destroy --target ibm_is_share_binding.example.id