---
title: How to Detach a Policy from a User
url: https://docs.vultr.com/platform/iam/policies/how-to-detach-a-policy-from-a-user
description: Detach an IAM policy from a user on Vultr. Remove the permissions defined in the policy document from the user through the Vultr API or Console interface.
publish_date: 2026-03-24T19:52:09.889346Z
last_updated: 2026-06-01T21:19:35.820568Z
---

Detaching a policy from a user revokes the permissions granted through that policy. The user retains any permissions assigned through other policies, roles, or groups.

Follow this guide to detach a policy from a user using the Vultr API or Terraform.

=== "Vultr API"

    1. Send a `GET` request to the [**List Policies** endpoint](https://www.vultr.com/api/#tag/iam/operation/list-iam-policies) to retrieve all policies in your organization.

        ```console
        $ curl "https://api.vultr.com/v2/policies" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        Note the `id` of the policy you want to detach.

    1. Send a `GET` request to the [**List Users with Policy** endpoint](https://www.vultr.com/api/#tag/iam/operation/list-iam-policy-users) to retrieve all users assigned to the policy. Replace `{policy-id}` with the id of the policy. Note the `id` of the user you want to detach.

        ```console
        $ curl "https://api.vultr.com/v2/policies/{policy-id}/users" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

    1. Send a `DELETE` request to the [**Detach Policy from User** endpoint](https://www.vultr.com/api/#tag/iam/operation/detach-iam-user-from-policy) to detach the policy. Replace `{policy-id}` with the policy id and `{user-id}` with the user id.

        ```console
        $ curl "https://api.vultr.com/v2/policies/{policy-id}/users/{user-id}" \
            -X DELETE \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        A successful detachment returns an HTTP `204 No Content` response with no response body.

=== "Terraform"

    1. Ensure the [Vultr Terraform provider](https://registry.terraform.io/providers/vultr/vultr/latest/docs) is configured in your Terraform project.

    1. Destroy the policy-user attachment resource. Replace `policy-user-attachment` with the resource label used in your configuration.

        ```console
        $ terraform destroy -target=vultr_organization_policy_user_attachment.policy-user-attachment
        ```

        Alternatively, remove the `vultr_organization_policy_user_attachment` block from your configuration and run:

        ```console
        $ terraform apply
        ```

        Verify that the output shows `vultr_organization_policy_user_attachment.policy-user-attachment: Destruction complete`.