DELETE Permissions/Object/{guid}/(ptype)/{principal}

Deletes assigned permissions for a principal on the specified object. The principal identity can originate from an AD, LDAP, or local identity provider.

Requirements

• Permissions: The caller must have Manage permission to the specified object.
• Token scope:  Security:Delete

Headers

• Content type: Content-Type:application/json.

• Token: The bearer access token that you received. For example, Authorization:Bearer 4MyGeneratedBearerTknz==. For more information, see Passing a bearer token in your API calls.

Parameters

Input parameters

Name	Description
{guid}	In the request URL, specify the GUID of the object for which to list principals assigned permissions. Depending on your environment, the GUID may be expressed with or without curly braces {}. For example, {3d6b61d-1c71-4603-883f-25b8c2ceecdd}.
(ptype)	In the request URL, use the appropriate syntax for the identity provider type: AD/[providerName]: Active Directory identity provider. For example: /AD/venqa. LDAP/[providerName]: Light Directory Access Protocol. For example: /LDAP/ODSEE. local: Trust Protection Platform identity provider.
principal	In the request URL, specify a Universal Unique Identifier (UUID) of a person or group. Otherwise, specify the Prefixed Universal. To get this information, call POST Identity/Browse.

Returns

Returns no other content except unless there is an error.

Response description

Name	Description
HTTP 200	(empty response body) Successful deletion of the permissions assignment for the specified object and principal.
HTTP 404	Not Found. Error
Error	Permission does not exist so cannot be updated. Accompanies a HTTP 404. Unable to verify principal.

Example 1: Delete a local user's permissions on a policy folder

Request for Example 1

Response for Example 1

Example 2: Delete a AD user's permissions on a policy folder

Request for Example 2

Response for Example 2

Example 3: No permissions assigned to principal

Request for Example 3

Response for Example 3