Detach an IAM policy from a group on Vultr. Revoke the permissions defined in the policy from all group members through the Vultr API or Console interface.
Detaching a policy from a group revokes the permissions granted through that policy for all group members. Members retain any permissions assigned through other policies, roles, or other groups.
Follow this guide to detach a policy from a group using the Vultr API or Terraform.
Send a GET request to the List Policies endpoint to retrieve all policies in your organization.
$ curl "https://api.vultr.com/v2/policies" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Note the id of the policy you want to detach.
Send a GET request to the List Groups with Policy endpoint to retrieve all groups assigned to the policy. Replace {policy-id} with the id of the policy. Note the id of the group you want to detach.
$ curl "https://api.vultr.com/v2/policies/{policy-id}/groups" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Send a DELETE request to the Detach Policy from Group endpoint to detach the policy. Replace {policy-id} with the policy id and {group-id} with the group id.
$ curl "https://api.vultr.com/v2/policies/{policy-id}/groups/{group-id}" \
-X DELETE \
-H "Authorization: Bearer ${VULTR_API_KEY}"
A successful detachment returns an HTTP 204 No Content response with no response body.
Ensure the Vultr Terraform provider is configured in your Terraform project.
Destroy the policy-group attachment resource. Replace policy-group-attachment with the resource label used in your configuration.
$ terraform destroy -target=vultr_organization_policy_group_attachment.policy-group-attachment
Alternatively, remove the vultr_organization_policy_group_attachment block from your configuration and run:
$ terraform apply
Verify that the output shows vultr_organization_policy_group_attachment.policy-group-attachment: Destruction complete.