If a Resource Access Management (RAM) role no longer needs specific permissions, you can revoke the permissions from the RAM role. This topic describes how to revoke the permissions from a RAM role.
You cannot revoke permissions from service-linked roles by detaching policies from the roles. This is because the policies that are attached to this type of role are defined by the linked cloud services. For more information, see Service-linked roles.
Method 1: Revoke permissions from a RAM role on the Roles page
Log on to the RAM console as a RAM user who has administrative rights.
In the left-side navigation pane, choose .
On the Roles page, click the name of the RAM role that you created.
On the Permissions tab, find the policy that you want to detach from the RAM role and click Revoke Permission in the Actions column.
You can also select multiple policies and click Revoke Permission below the policy list to detach the policies from the RAM role at a time.
In the Revoke Permission dialog box, click Revoke Permission.
Method 2: Revoke permissions from a RAM role on the Grants page
Log on to the RAM console as a RAM user who has administrative rights.
In the left-side navigation pane, choose .
On the Permission page, find the RAM role from which you want to revoke permissions and click Revoke Permission in the Actions column.
You can also select multiple RAM roles and click Revoke Permission below the RAM role list to revoke permissions from multiple RAM roles at a time.
In the Revoke Permission dialog box, click Revoke Permission.