Detach an IAM policy from a role on Vultr. Remove specific permission rules from the role, affecting all users and groups currently assigned to it in IAM.
Detaching a policy from a role removes the policy's permission rules from the role. Users and groups assigned to the role will no longer have the permissions defined in the detached policy, unless those permissions are granted through another attached policy.
This guide explains how to detach a policy from a role using the Vultr Console and the Vultr API.
Log in to the Vultr Console.
Click the organization name in the top navigation bar.
Click Manage Organization.
Click the Roles tab.
Click the name of the role from which you want to detach a policy.
In the Permission Policies section, locate the policy and click the Remove icon next to it.
The policy is detached and users assigned to this role lose the associated permissions.
Send a GET request to the List Roles endpoint to retrieve all roles in your organization.
$ curl "https://api.vultr.com/v2/roles" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Note the id of the role from which you want to detach a policy.
Send a GET request to the List Policies Attached to Role endpoint to retrieve all policies attached to the role. Replace {role-id} with the id of the role. Note the id of the policy you want to detach.
$ curl "https://api.vultr.com/v2/roles/{role-id}/policies" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Send a DELETE request to the Detach Policy from Role endpoint to detach the policy. Replace {role-id} with the role id and {policy-id} with the policy id.
$ curl "https://api.vultr.com/v2/roles/{role-id}/policies/{policy-id}" \
-X DELETE \
-H "Authorization: Bearer ${VULTR_API_KEY}"
A successful detachment returns an HTTP 204 No Content response with no response body.