When permissions are no longer required, you can detach policies from a Resource Access Management (RAM) user group to revoke access for all users in that group.
When you detach a policy from a user group, all users in that group immediately lose the permissions granted by the policy. This action can affect applications or services that rely on the group's permissions. Before you proceed, ensure that the users in the group no longer require these permissions.
Method 1: Detach a policy on the group details page
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Groups page, click the name of the target group.
On the Permissions tab, find the policy that you want to detach and then click Revoke Permission in the Actions column.
In the Revoke Permission dialog box, click Revoke Permission.
Method 2: Detach a policy on the Grants page
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Permission page, do one of the following:
To detach a single policy, find the policy and click Revoke Permission in the Actions column.
To detach multiple policies, select the checkboxes for the policies that you want to remove, and click Revoke Permission at the bottom of the list.
In the Revoke Permission dialog box, click Revoke Permission.