
DELETE /api/roles/{id}/permissions/{permissionId}

Removes a permission from a role. All users with this role will lose access to the removed permission.

Authentication

This endpoint requires authentication. Include a valid JWT as a Bearer token in the Authorization header.

Path Parameters

  • id (UUID, required): The unique identifier of the role from which the permission will be removed
  • permissionId (UUID, required): The unique identifier of the permission to remove from the role

Response

This endpoint returns 204 No Content on success with an empty response body.

Error Responses

  • 404 Not Found: Role or permission with the specified ID does not exist
  • 500 Internal Server Error: Unexpected server error

Example Request

curl -X DELETE https://api.example.com/api/roles/550e8400-e29b-41d4-a716-446655440000/permissions/660e8400-e29b-41d4-a716-446655440001 \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

Example Success Response

HTTP/1.1 204 No Content

Example Error Response

{
  "timestamp": "2024-01-15T10:30:00Z",
  "requestId": "abc-123-def",
  "message": "Resource not found",
  "detail": "Role with ID 550e8400-e29b-41d4-a716-446655440000 does not exist"
}

Usage Notes

  • Attempting to remove a permission that is not assigned to the role will return a 404 error
  • Users with this role will immediately lose access to the removed permission
  • This action is logged in the audit trail with action type REMOVER_PERMISO
  • Consider the impact on users before removing critical permissions
  • If the permission doesn’t exist in the system, a 404 error will be returned
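
The following Python client is an added example, not part of this API's documentation or the project's own code. It refuses non-UUID path values, requires HTTPS for the bearer token, and returns the `detail` of a 404 instead of treating it as "already removed". The function names and the injectable `transport` parameter are assumptions made for the example.

```python
import json
import urllib.error
import urllib.request
import uuid


def canonical_uuid(value, name):
    """Return the canonical UUID string, or raise so nothing else reaches the URL path."""
    try:
        return str(uuid.UUID(value))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"{name} must be a UUID, got {value!r}") from None


def http_delete(url, token):
    """Default transport: send the DELETE, return (status, body), never raise on 4xx/5xx."""
    req = urllib.request.Request(
        url, method="DELETE", headers={"Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def remove_permission(base_url, role_id, permission_id, token, transport=http_delete):
    """Call DELETE /api/roles/<id>/permissions/<permissionId> and report the outcome."""
    if not base_url.startswith("https://"):
        raise ValueError("base_url must use https so the bearer token is not sent in clear")
    url = "{}/api/roles/{}/permissions/{}".format(
        base_url.rstrip("/"),
        canonical_uuid(role_id, "id"),
        canonical_uuid(permission_id, "permissionId"))
    status, body = transport(url, token)
    if status == 204:
        return {"removed": True, "status": 204, "url": url}
    try:
        err = json.loads(body or b"{}")
    except ValueError:
        err = {}
    if not isinstance(err, dict):
        err = {}
    outcome = {"removed": False, "status": status, "url": url,
               "requestId": err.get("requestId"), "detail": err.get("detail")}
    if status == 404:
        # The page lists three causes for 404 (unknown role, unknown permission,
        # permission not assigned to the role), so the caller gets the detail
        # instead of a silent "already removed".
        return outcome
    raise RuntimeError(f"unexpected status {status}, requestId={outcome['requestId']}")
```

Passing a fake `transport` that returns `(status, body)` lets the status handling be exercised without a network call.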
