You can remove the roles assigned to a user using the or the . The assigned roles are used with the API Authorization Core feature set.

Prerequisites

For role-based access control (RBAC) to work properly, you must enable it for your API using either the Dashboard or the Management API. The Authorization Core functionality is different from the Authorization Extension. For a comparison, read Authorization Core vs. Authorization Extension.

Dashboard

  1. Go to Dashboard > User Management > Users and click the name of the user to view.
  2. Click the Roles view, then click the trashcan icon next to the role you want to remove.

Management API

Make a DELETE call to the Delete User Roles endpoint. Be sure to replace USER_ID, MGMT_API_ACCESS_TOKEN, and ROLE_ID placeholder values with your user ID, Management API , and role ID(s), respectively. 
curl --request DELETE \
  --url 'https://{yourDomain}/api/v2/users/USER_ID/roles' \
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/json' \
  --data '{ "roles": [ "ROLE_ID", "ROLE_ID" ] }'
ValueDescription
USER_IDΤhe ID of the user to be updated.
MGMT_API_ACCESS_TOKENAccess Token for the Management API with the scope update:users.
ROLE_IDID(s) of the role(s) you would like to remove for the specified user.

Learn more