Detaching a Managed Policy from a User or a Group
You can detach a managed policy from a user or a group at any time. Permissions contained in the policy then no longer apply to the individual user or the users in the group.
After you detach a policy, it remains available in your account. You can then attach it again to users or groups. To modify the permissions in a policy or to delete it, see Editing Managed Policies Using Policy Versions or Deleting a Managed Policy.
Detaching a Managed Policy from a User
Detaching a Managed Policy from a User Using Cockpit v2
You can also do this action by clicking the ID of a user, clicking on the Attached Policies tab, then selecting a policy and clicking Unlink Policy. |
-
Click inside the EIM Users dashboard to make checkboxes appear.
-
Check the box of the user from which you want to detach a managed policy.
The user is selected and an action menu appears. -
Click Unlink Policy.
The UNLINK POLICY dialog box appears. -
From the Policy list, select the managed policy you want to detach.
-
Click Unlink.
The managed policy is detached from the user, and its permissions no longer apply to it.
Detaching a Managed Policy from a User Using OSC CLI
See the DetachUserPolicy command sample in the documentation of the EIM API. |
Detaching a Managed Policy from a User Using AWS CLI
To detach a managed policy from a user, use the detach-user-policy command following this syntax:
$ aws iam detach-user-policy \
--profile YOUR_PROFILE \
--user-name USER_NAME \
--policy-arn arn:aws:iam::123456789012:policy/MY_POLICY \
--endpoint https://eim.eu-west-2.outscale.com
This command contains the following attributes that you need to specify:
-
(optional)
profile
: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI. -
user-name
: The name of the user from which you want to detach the policy. -
policy-arn
: The OUTSCALE Resource Name (ORN) of the policy you want to detach. -
endpoint
: The endpoint corresponding to the Region you want to send the request to.
The specified managed policy is detached from the user, and its permissions no longer apply to it.
Detaching a Managed Policy from a Group
Detaching a Managed Policy from a Group Using OSC CLI
See the DetachGroupPolicy command sample in the documentation of the EIM API. |
Detaching a Managed Policy from a Group Using AWS CLI
To detach a managed policy from a group, use the detach-group-policy command following this syntax:
$ aws iam detach-group-policy \
--profile YOUR_PROFILE \
--group-name GROUP_NAME \
--policy-arn arn:aws:iam::123456789012:policy/MY_POLICY \
--endpoint https://eim.eu-west-2.outscale.com
This command contains the following attributes that you need to specify:
-
(optional)
profile
: The named profile you want to use, created when configuring AWS CLI. For more information, see Installing and Configuring AWS CLI. -
group-name
: The name of the group from which you want to detach the policy. -
policy-arn
: The OUTSCALE Resource Name (ORN) of the policy you want to detach. -
endpoint
: The endpoint corresponding to the Region you want to send the request to.
The specified managed policy is detached from the group, and its permissions no longer apply to its users.
Related Pages
Corresponding API Methods
AWS™ and Amazon Web Services™ are trademarks of Amazon Technologies, Inc or its affiliates in the United States and/or other countries.