Detach an IAM role from a group on Vultr. Group members lose the permissions inherited from the role's policies while retaining their direct assignments.
Detaching a role from a group revokes the permissions granted through that role for all group members. Members retain any permissions assigned through other roles, direct policy attachments, or other groups.
This guide explains how to detach a role from a group using the Vultr Console and the Vultr API.
Log in to the Vultr Console.
Click the organization name in the top navigation bar.
Click Manage Organization.
Click the Groups tab.
Click the name of the group from which you want to detach the role.
In the Roles section, locate the role and click the Remove icon next to it.
The role is detached and all group members lose the permissions granted through it.
Send a GET request to the List Roles endpoint to retrieve all roles in your organization.
$ curl "https://api.vultr.com/v2/roles" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Note the id of the role you want to detach from a group.
Send a GET request to the List Groups with Role endpoint to retrieve all groups assigned to the role. Replace {role-id} with the id of the role. Note the group_id of the group you want to detach.
$ curl "https://api.vultr.com/v2/roles/{role-id}/groups" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Send a DELETE request to the Detach Role from Group endpoint to detach the role. Replace {role-id} with the role id and {group-id} with the group id.
$ curl "https://api.vultr.com/v2/roles/{role-id}/groups/{group-id}" \
-X DELETE \
-H "Authorization: Bearer ${VULTR_API_KEY}"
A successful detachment returns an HTTP 204 No Content response with no response body.