Detaching a Managed Policy from a User or a Group

You can detach a managed policy from a user or a group at any time. Permissions contained in the policy then no longer apply to the individual user or the users in the group.

After you detach a policy, it remains available in your account. You can then attach it again to users or groups. To modify the permissions in a policy or to delete it, see Editing Managed Policies Using Policy Versions or Deleting a Managed Policy.

Detaching a Managed Policy from a User

Detaching a Managed Policy from a User Using Cockpit v2

You can also do this action by clicking the ID of a user, clicking on the Attached Policies tab, then selecting a policy and clicking IconUnlink Unlink Policy.

  1. Click inside the EIM Users dashboard to make checkboxes appear.

  2. Check the box of the user from which you want to detach a managed policy.
    The user is selected and an action menu appears.

  3. Click IconUnlink Unlink Policy.
    The UNLINK POLICY dialog box appears.

  4. From the Policy list, select the managed policy you want to detach.

  5. Click Unlink.
    The managed policy is detached from the user, and its permissions no longer apply to it.

Detaching a Managed Policy from a User Using OSC CLI

See the DetachUserPolicy command sample in the documentation of the EIM API.

Detaching a Managed Policy from a User Using AWS CLI

To detach a managed policy from a user, use the detach-user-policy command following this syntax:

Request sample
$ aws iam detach-user-policy \
    --profile YOUR_PROFILE \
    --user-name USER_NAME \
    --policy-arn arn:aws:iam::123456789012:policy/MY_POLICY \
    --endpoint https://eim.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • user-name: The name of the user from which you want to detach the policy.

  • policy-arn: The OUTSCALE Resource Name (ORN) of the policy you want to detach.

  • endpoint: The endpoint corresponding to the Region you want to send the request to.

The specified managed policy is detached from the user, and its permissions no longer apply to it.

Detaching a Managed Policy from a Group

Detaching a Managed Policy from a Group Using OSC CLI

See the DetachGroupPolicy command sample in the documentation of the EIM API.

Detaching a Managed Policy from a Group Using AWS CLI

To detach a managed policy from a group, use the detach-group-policy command following this syntax:

Request sample
$ aws iam detach-group-policy \
    --profile YOUR_PROFILE \
    --group-name GROUP_NAME \
    --policy-arn arn:aws:iam::123456789012:policy/MY_POLICY \
    --endpoint https://eim.eu-west-2.outscale.com

This command contains the following attributes that you need to specify:

  • (optional) profile: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI.

  • group-name: The name of the group from which you want to detach the policy.

  • policy-arn: The OUTSCALE Resource Name (ORN) of the policy you want to detach.

  • endpoint: The endpoint corresponding to the Region you want to send the request to.

The specified managed policy is detached from the group, and its permissions no longer apply to its users.

Related Pages

Corresponding API Methods

AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.