From the user page, this allows you to remove a user's roles from a resource. A resource can be an organization or a project. You need to select the resource from the context switcher in order to remove the user's role.
Note: You cannot remove a user's role if the role is inherited.
There are multiple methiods to remove a user's roles. The following guides will show you the steps for each method of removing a user's role.
Unassign User's Roles
This is the most straightforward method of removing a user's role from a resource. It will remove all user's roles from a selected resource. You need to locate the user within the resource hierarchy and then remove the user's roles from that resource. However, this method will not show you the role inheritance for your users, and the function will not be available if there are any inherited roles.
To unassign users's roles:
-
Sign in to the Identity & Access Management portal as an IAM Admin user.
-
Click Users.
-
Select an organization or a project:
Click the Context Switcher drop-down list, select an organization or a project, then click Go.
-
Locate the user and hover over
and select Remove User.
Important: If the user has any inherited roles from its parent organization or projects, the Remove User option will not be available.
-
Tick the checkbox to confirm that you want to remove this user. Then click Remove User from Organization. This will remove all of the user's roles from the selected resource.
Remove Role
This method allows you to view all the roles that a user has within a resource. From here, you can select which user's roles to remove. This function will show you whether a role is inherited, as well as where the inheritance originates from.
To remove users's role(s):
-
Sign in to the Identity & Access Management portal as an IAM Admin user.
-
Click Users.
-
Select an organization or a project:
Click the Context Switcher drop-down list, select an organization or a project, then click Go.
-
Locate the user and hover over
and select User Details.A list of the user's roles will be shown.
Tip: The inheritance column shows whether the role is inherited. Not Available indicates that this role is not inherited from any parent organization/project and you can remove the role easily. Otherwise, you must go to the resource shown in the inheritance column in order to remove the user's role. This can be done using the Context Switcher.
-
Locate the user's role and hover over
and select Remove Role.Important: If role is inherited, the Remove Role option will not be available.
-
Tick the checkbox to confirm that you want to remove the role. Then click Remove Role. This will remove the selected user's roles from the selected resource.
Manage User's Role
From the user details page, this function allows you to add or remove a user's roles from a resource. Refer to Manage User's Role.
Related Topics
