To modify a Resource Access Management (RAM) user's access, you can detach policies to revoke their permissions. This is necessary when a user's role changes or their access is no longer required.
When you detach a policy, the RAM user immediately loses the permissions granted by that policy. This action can affect applications or services that rely on the user's credentials. Before you proceed, ensure that the user no longer requires these permissions.
Method 1: Detach a policy on the user details page
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Users page, click the name of the target RAM user.
On the Permissions tab, find the policy that you want to detach, and click Revoke Permission in the Actions column.
In the Revoke Permission dialog box, click Revoke Permission.
Method 2: Detach a policy on the Grants page
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Permission page, do one of the following:
To detach a single policy, find the policy and click Revoke Permission in the Actions column.
To detach multiple policies, select the checkboxes for the policies that you want to remove, and click Revoke Permission at the bottom of the list.
In the Revoke Permission dialog box, click Revoke Permission.