---
title: How to Detach a Policy from a Role
url: https://docs.vultr.com/platform/iam/roles/how-to-detach-a-policy-from-a-role
description: Detach an IAM policy from a role on Vultr. Remove specific permission rules from the role, affecting all users and groups currently assigned to it in IAM.
publish_date: 2026-03-24T19:52:39.386733Z
last_updated: 2026-06-01T21:29:35.066776Z
---

Detaching a policy from a role removes the policy's permission rules from the role. Users and groups assigned to the role will no longer have the permissions defined in the detached policy, unless those permissions are granted through another attached policy.

Follow this guide to detach a policy from a role using the Vultr Console, the Vultr API, or Terraform.

=== "Vultr Console"

    1. Log in to the [Vultr Console](https://console.vultr.com).
    1. Click the organization name in the top navigation bar.
    1. Click **Manage Organization**.
    1. Click the **Roles** tab.
    1. Click the name of the role from which you want to detach a policy.
    1. In the **Permission Policies** section, locate the policy and click the **Remove** icon next to it.

        The policy is detached and users assigned to this role lose the associated permissions.

=== "Vultr API"

    1. Send a `GET` request to the [**List Roles** endpoint](https://www.vultr.com/api/#tag/iam/operation/list-iam-roles) to retrieve all roles in your organization.

        ```console
        $ curl "https://api.vultr.com/v2/roles" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        Note the `id` of the role from which you want to detach a policy.

    1. Send a `GET` request to the [**List Policies Attached to Role** endpoint](https://www.vultr.com/api/#tag/iam/operation/list-iam-role-policies) to retrieve all policies attached to the role. Replace `{role-id}` with the id of the role. Note the `id` of the policy you want to detach.

        ```console
        $ curl "https://api.vultr.com/v2/roles/{role-id}/policies" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

    1. Send a `DELETE` request to the [**Detach Policy from Role** endpoint](https://www.vultr.com/api/#tag/iam/operation/remove-iam-policy-from-role) to detach the policy. Replace `{role-id}` with the role id and `{policy-id}` with the policy id.

        ```console
        $ curl "https://api.vultr.com/v2/roles/{role-id}/policies/{policy-id}" \
            -X DELETE \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        A successful detachment returns an HTTP `204 No Content` response with no response body.

=== "Terraform"

    1. Ensure the [Vultr Terraform provider](https://registry.terraform.io/providers/vultr/vultr/latest/docs) is configured in your Terraform project.

    1. Destroy the role-policy attachment resource. Replace `role-policy-attachment` with the resource label used in your configuration.

        ```console
        $ terraform destroy -target=vultr_organization_role_policy_attachment.role-policy-attachment
        ```

        Alternatively, remove the `vultr_organization_role_policy_attachment` block from your configuration and run:

        ```console
        $ terraform apply
        ```

        Verify that the output shows `vultr_organization_role_policy_attachment.role-policy-attachment: Destruction complete`.