Detach an IAM role from a user on Vultr. The user loses all permissions inherited from the role's policies while retaining other directly assigned access.
Detaching a role from a user revokes the permissions granted through that role. The user retains any permissions assigned through other roles, groups, or direct policy attachments.
This guide explains how to detach a role from a user using the Vultr Console and the Vultr API.
Log in to the Vultr Console.
Click the organization name in the top navigation bar.
Click Manage Organization.
Click the Users tab.
Click the name of the user from whom you want to detach the role.
In the Roles section, locate the role and click the Remove icon next to it.
The role is detached and the user loses the permissions granted through it.
Send a GET request to the List Roles endpoint to retrieve all roles in your organization.
$ curl "https://api.vultr.com/v2/roles" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Note the id of the role you want to detach from a user.
Send a GET request to the List Users with Role endpoint to retrieve all users assigned to the role. Replace {role-id} with the id of the role. Note the user_id of the user you want to detach.
$ curl "https://api.vultr.com/v2/roles/{role-id}/users" \
-X GET \
-H "Authorization: Bearer ${VULTR_API_KEY}"
Send a DELETE request to the Detach Role from User endpoint to detach the role. Replace {role-id} with the role id and {user-id} with the user id.
$ curl "https://api.vultr.com/v2/roles/{role-id}/users/{user-id}" \
-X DELETE \
-H "Authorization: Bearer ${VULTR_API_KEY}"
A successful detachment returns an HTTP 204 No Content response with no response body.