DetachPolicy - - Alibaba Cloud Documentation Center

Detaches a policy from an object. After you detach a policy from an object, the object does not have the operation permissions on the current resource group or the resources under the current account.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	DetachPolicy	The operation that you want to perform. Set the value to DetachPolicy.
PolicyName	String	Yes	OSS-Administrator	The name of the policy. The name must be 1 to 128 characters in length and can contain letters, digits, and hyphens (-).
PolicyType	String	Yes	Custom	The type of the policy. Valid values: Custom: custom policy System: system policy
PrincipalName	String	Yes	alice@demo.onaliyun.com	The name of the object to which the policy is attached.
PrincipalType	String	Yes	IMSUser	The type of the object to which the policy is attached. Valid values: IMSUser: RAM user IMSGroup: RAM user group ServiceRole: RAM role
ResourceGroupId	String	Yes	rg-9gLOoK****	The ID of the resource group or the ID of the Alibaba Cloud account to which the resource group belongs. This parameter specifies the resource group or Alibaba Cloud account for which you want to revoke permissions.

Response parameters


Parameter	Type	Example	Description
RequestId	String	697852FB-50D7-44D9-9774-530C31EAC572	The ID of the request.

Examples

Sample requests

https://resourcemanager.aliyuncs.com/?Action=DetachPolicy
&PolicyName=OSS-Administrator
&PolicyType=Custom
&PrincipalName=alice@demo.onaliyun.com
&PrincipalType=IMSUser
&ResourceGroupId=rg-9gLOoK****
&<Common request parameters>

Sample success responses

XML format

<DetachPolicyFromUserResponse>
      <RequestId>697852FB-50D7-44D9-9774-530C31EAC572</RequestId>
</DetachPolicyFromUserResponse>

JSON format

{
    "RequestId": "697852FB-50D7-44D9-9774-530C31EAC572"
}

Error codes


HTTP status code	Error code	Error message	Description
400	InvalidParameter.PolicyType	The specified policy type is invalid.	The error message returned because the policy type is invalid.
404	EntityNotExist.Policy	The policy does not exist.	The error message returned because the policy does not exist.
404	EntityNotExists.ResourceGroup	The specified resource group does not exist. You must first create a resource group.	The error message returned because the resource group does not exist. Create the resource group first.
409	Invalid.ResourceGroup.Status	You cannot perform an operation on a resource group that is being created or deleted.	The error message returned because you cannot perform the operation on a resource group that is being created or deleted.

For a list of error codes, visit the API Error Center.