mc admin policy detach

Removes one or more IAM policies from either a MinIO-managed user or a group.

This command is intended for managing policy associations for MinIO-managed users only.

For detaching policies to OpenID-managed users, see OpenID Connect Access Management.

For detaching policies to Active Directory/LDAP users or groups, use mc idp ldap policy detach.

Syntax

Parameters

The mc admin policy detach command accepts the following arguments:

TARGET

Required

The alias of a configured AIStor deployment with the user or group for which you want to detach one or more policies.

POLICY

Required

The name of the policy to detach from either the user or the group.

You may detach multiple policies at once by separating each policy name with a space.

--user

Optional

The username of the identity you want to detach the policy or policies from. You may only list one user.

You must include either the --user flag or the --group flag. You may not use the --user flag at the same time as the --group flag.

--group

Optional

The name of the group identity you want to detach the policy or policies from. You may only list one group.

All users with membership in the group lose the policies associated to the group.

You must include either the --group flag or the --user flag. You may not use the --group flag at the same time as the --user flag.

Global Flags

This command supports any of the global flags.

Examples

Detach the readonly policy from user james on the deployment at alias myminio.

mc admin policy detach myminio readonly --user james

Detach the audit-policy and acct-policy policies from group legal on the deployment at alias myminio.

mc admin policy detach myminio audit-policy acct-policy --group legal
All rights reserved 2024-Present, MinIO, Inc.