Method: projects.serviceAccounts.disable

Disables aServiceAccount immediately.

If an application uses the service account to authenticate, that application can no longer call Google APIs or access Google Cloud resources. Existing access tokens for the service account are rejected, and requests for new access tokens will fail.

To re-enable the service account, useserviceAccounts.enable. After you re-enable the service account, its existing access tokens will be accepted, and you can request new access tokens.

To help avoid unplanned outages, we recommend that you disable the service account before you delete it. Use this method to disable the service account, then wait at least 24 hours and watch for unintended consequences. If there are no unintended consequences, you can delete the service account withserviceAccounts.delete.

HTTP request

POST https://iam.googleapis.com/v1/{name=projects/*/serviceAccounts/*}:disable

The URL usesgRPC Transcoding syntax.

Path parameters

Parameters

Parameters
`name`	`string` The resource name of the service account. Use one of the following formats: `projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}` `projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}` As an alternative, you can use the`-` wildcard character instead of the project ID: `projects/-/serviceAccounts/{EMAIL_ADDRESS}` `projects/-/serviceAccounts/{UNIQUE_ID}` When possible, avoid using the`-` wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service account`projects/-/serviceAccounts/fake@example.com`, which does not exist, the response contains an HTTP`403 Forbidden` error instead of a`404 Not Found` error. Authorization requires the followingIAM permission on the specified resource`name`: `iam.serviceAccounts.disable`

name

string

The resource name of the service account.

Use one of the following formats:

projects/{PROJECT_ID}/serviceAccounts/{EMAIL_ADDRESS}
projects/{PROJECT_ID}/serviceAccounts/{UNIQUE_ID}

As an alternative, you can use the- wildcard character instead of the project ID:

projects/-/serviceAccounts/{EMAIL_ADDRESS}
projects/-/serviceAccounts/{UNIQUE_ID}

When possible, avoid using the- wildcard character, because it can cause response messages to contain misleading error codes. For example, if you try to access the service accountprojects/-/serviceAccounts/fake@example.com, which does not exist, the response contains an HTTP403 Forbidden error instead of a404 Not Found error.

Authorization requires the followingIAM permission on the specified resourcename:

iam.serviceAccounts.disable

Request body

The request body must be empty.

Response body

If successful, the response body is an empty JSON object.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/iam
https://www.googleapis.com/auth/cloud-platform

For more information, see theAuthentication Overview.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-05-21 UTC.

Movatterモバイル変換