Prerequisite
For role-based access control (RBAC) to work properly, you must enable it for your API using either the Dashboard or the Management API. The Authorization Core functionality is different from the Authorization Extension. For a comparison, read Authorization Core vs. Authorization Extension.Dashboard
- Go to Dashboard > User Management > Roles and click the name of the role to view.
- Click the Permissions view, then click the trashcan icon next to the permission you want to remove, and confirm.
Management API
Make aDELETE call to the Delete Role Permissions endpoint. Be sure to replace ROLE_ID, MGMT_API_ACCESS_TOKEN, API_ID, and PERMISSION_NAME placeholder values with your role ID, Management API , API ID(s), and permission name(s), respectively.