---
title: How to Detach a Role from a User
url: https://docs.vultr.com/platform/iam/roles/how-to-detach-a-role-from-a-user
description: Detach an IAM role from a user on Vultr. The user loses all permissions inherited from the role's policies while retaining other directly assigned access.
publish_date: 2026-03-24T19:52:41.185223Z
last_updated: 2026-06-01T21:29:40.728842Z
---

Detaching a role from a user revokes the permissions granted through that role. The user retains any permissions assigned through other roles, groups, or direct policy attachments.

Follow this guide to detach a role from a user using the Vultr Console, the Vultr API, or Terraform.

=== "Vultr Console"

    1. Log in to the [Vultr Console](https://console.vultr.com).
    1. Click the organization name in the top navigation bar.
    1. Click **Manage Organization**.
    1. Click the **Users** tab.
    1. Click the name of the user from whom you want to detach the role.
    1. In the **Roles** section, locate the role and click the **Remove** icon next to it.

        The role is detached and the user loses the permissions granted through it.

=== "Vultr API"

    1. Send a `GET` request to the [**List Roles** endpoint](https://www.vultr.com/api/#tag/iam/operation/list-iam-roles) to retrieve all roles in your organization.

        ```console
        $ curl "https://api.vultr.com/v2/roles" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        Note the `id` of the role you want to detach from a user.

    1. Send a `GET` request to the [**List Users with Role** endpoint](https://www.vultr.com/api/#tag/iam/operation/list-iam-role-users) to retrieve all users assigned to the role. Replace `{role-id}` with the id of the role. Note the `user_id` of the user you want to detach.

        ```console
        $ curl "https://api.vultr.com/v2/roles/{role-id}/users" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

    1. Send a `DELETE` request to the [**Detach Role from User** endpoint](https://www.vultr.com/api/#tag/iam/operation/remove-iam-user-from-role) to detach the role. Replace `{role-id}` with the role id and `{user-id}` with the user id.

        ```console
        $ curl "https://api.vultr.com/v2/roles/{role-id}/users/{user-id}" \
            -X DELETE \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        A successful detachment returns an HTTP `204 No Content` response with no response body.

=== "Terraform"

    1. Ensure the [Vultr Terraform provider](https://registry.terraform.io/providers/vultr/vultr/latest/docs) is configured in your Terraform project.

    1. Remove the role ID from the `roles` list in the user resource definition.

        ```hcl
        resource "vultr_user" "new_user" {
          name     = "USER-NAME"
          email    = "USER-EMAIL"
          password = "STRONG-PASSWORD"
          roles    = []
        }
        ```

    1. Apply the configuration.

        ```console
        $ terraform apply
        ```

        Verify that the output shows `vultr_user.new_user: Modifications complete`.