Unassign User From Role
Remove a role assignment from a user.
Authentication
This endpoint requires a bearer access token for the System API.
Endpoint
DELETE /api/v1/users/{userId}/roles/{roleId}
Authorization: Bearer YOUR_ACCESS_TOKEN
Content-Type: application/json
Request
Headers
| Header | Required | Description |
|---|---|---|
Authorization | Yes | Bearer token for a System API client |
Content-Type | Yes | Must be application/json |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
userId | integer | Yes | User identifier. Must be greater than 0. |
roleId | integer | Yes | Role identifier. Must be greater than 0. |
Query Parameters
This endpoint does not accept query parameters.
Request Body
{
"instantLogout": false
}
Request Fields
| Field | Type | Required | Description |
|---|---|---|---|
instantLogout | boolean | No | Accepted by the API for immediate logout workflow control. Default: false. |
Response
204 No Content
The role was unassigned successfully.
This endpoint does not return a response body on success.
Errors
| Status | When it happens |
|---|---|
401 Unauthorized | The bearer token is missing, invalid, or expired |
403 Forbidden | The token is valid but does not have access to this endpoint |
404 Not Found | No user exists with the provided userId |
404 Example
User not found
Behavior
- The role assignment is removed if it exists
- If the role is not currently assigned, the request still succeeds with
204 No Content instantLogoutis accepted by the endpoint, but this endpoint does not currently expose a documented immediate logout result
Example
cURL
curl -X DELETE "https://your-tenant.guardhouse.cloud/api/v1/users/101/roles/1" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"instantLogout": false
}'
.NET SDK
using Guardhouse.SDK.Models.Users;
using Guardhouse.SDK.Services;
// Assumes AddGuardhouseClientWithApiClients(...) is already configured.
app.MapDelete("/example/users/{userId:int}/roles/{roleId:int}", async (int userId, int roleId, IGuardhouseUsersClient usersClient) =>
{
var unassigned = await usersClient.UnassignUserFromRoleAsync(userId, roleId, new UnassignUserFromRoleRequest
{
InstantLogout = false
});
return unassigned ? Results.NoContent() : Results.NotFound();
});
Python SDK
# SDK support is in development.
# Use raw HTTP for now.
#
# Example shape:
# response = requests.delete(
# "https://your-tenant.guardhouse.cloud/api/v1/users/101/roles/1",
# headers={
# "Authorization": "Bearer YOUR_ACCESS_TOKEN",
# "Content-Type": "application/json",
# },
# json={"instantLogout": False},
# )
Notes
- Use Get User By ID to verify current role assignments.
- Use Assign User To Role to restore the assignment later if needed.