Remove Permissions From Role

Remove one or more permissions from a role.

Authentication

This endpoint requires a bearer access token for the System API.

Endpoint

DELETE /api/v1/roles/{roleId}/permissions
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json

Request

Headers

Header	Required	Description
`Authorization`	Yes	Bearer token for a System API client
`Content-Type`	Yes	Must be `application/json`

Path Parameters

Parameter	Type	Required	Description
`roleId`	integer	Yes	Role identifier

Query Parameters

This endpoint does not accept query parameters.

Request Body

{
  "permissionIds": [1, 2]
}

Request Fields

Field	Type	Required	Description
`permissionIds`	array of integers	Yes	Permission IDs to remove from the role

Validation Rules

permissionIds must not be empty
permissionIds must contain unique values only

Response

204 No Content

Permissions were removed successfully.

This endpoint does not return a response body on success.

Errors

Status	When it happens
`401 Unauthorized`	The bearer token is missing, invalid, or expired
`403 Forbidden`	The token is valid but does not have access to this endpoint
`404 Not Found`	No role exists with the provided `roleId`
`409 Conflict`	One or more submitted permission IDs are invalid

404 Example

Role not found.

409 Example

One or more permission IDs are invalid.

Behavior

The endpoint is subtractive
Only the submitted permissions are removed
Permission assignments not included in permissionIds remain unchanged
If a submitted permission is not currently assigned to the role, the operation still succeeds

Example

cURL

curl -X DELETE "https://your-tenant.guardhouse.cloud/api/v1/roles/1/permissions" \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "permissionIds": [1, 2]
  }'

.NET SDK

using Guardhouse.SDK.Models.Roles;
using Guardhouse.SDK.Services;

// Assumes AddGuardhouseClientWithApiClients(...) is already configured.
app.MapDelete("/example/roles/{roleId:int}/permissions", async (int roleId, IGuardhouseRolesClient rolesClient) =>
{
    var updated = await rolesClient.RemovePermissionsFromRoleAsync(roleId, new RemovePermissionsFromRoleRequest
    {
        PermissionIds = new[] { 1, 2 }
    });

    return updated ? Results.NoContent() : Results.NotFound();
});

Python SDK

# SDK support is in development.
# Use raw HTTP for now.
#
# Example shape:
# import requests
# response = requests.delete(
#     "https://your-tenant.guardhouse.cloud/api/v1/roles/1/permissions",
#     headers={
#         "Authorization": "Bearer YOUR_ACCESS_TOKEN",
#         "Content-Type": "application/json",
#     },
#     json={"permissionIds": [1, 2]},
# )

Notes

Use Get Role By ID after this operation to verify the updated permission matrix for the role.
Use Get Permissions if you need to inspect available permission IDs before removal.

Authentication​

Endpoint​

Request​

Headers​

Path Parameters​

Query Parameters​

Request Body​

Request Fields​

Validation Rules​

Response​

204 No Content​

Errors​

404 Example​

409 Example​

Behavior​

Example​

cURL​

.NET SDK​

Python SDK​

Notes​