Detach an IAM policy from a user on Vultr. Remove the permissions defined in the policy document from the user through the Vultr API or Console interface.
Detaching a policy from a user revokes the permissions granted through that policy. The user retains any permissions assigned through other policies, roles, or groups.
Follow this guide to detach a policy from a user using the Vultr API or Terraform.
Send a GET request to the List Policies endpoint to retrieve all policies in your organization.
$ curl "https://api.vultr.com/v2/policies" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Note the id of the policy you want to detach.
Send a GET request to the List Users with Policy endpoint to retrieve all users assigned to the policy. Replace {policy-id} with the id of the policy. Note the id of the user you want to detach.
$ curl "https://api.vultr.com/v2/policies/{policy-id}/users" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Send a DELETE request to the Detach Policy from User endpoint to detach the policy. Replace {policy-id} with the policy id and {user-id} with the user id.
$ curl "https://api.vultr.com/v2/policies/{policy-id}/users/{user-id}" \
-X DELETE \
-H "Authorization: Bearer ${VULTR_API_KEY}"
A successful detachment returns an HTTP 204 No Content response with no response body.
Ensure the Vultr Terraform provider is configured in your Terraform project.
Destroy the policy-user attachment resource. Replace policy-user-attachment with the resource label used in your configuration.
$ terraform destroy -target=vultr_organization_policy_user_attachment.policy-user-attachment
Alternatively, remove the vultr_organization_policy_user_attachment block from your configuration and run:
$ terraform apply
Verify that the output shows vultr_organization_policy_user_attachment.policy-user-attachment: Destruction complete.