{"templateId":"markdown","sharedDataIds":{"sidebar":"sidebar-apis/platform/iam/sidebars.yaml","oas-apis/platform/iam/openapi/iam-openapi.json":"oas-apis/platform/iam/openapi/iam-openapi.json"},"props":{"metadata":{"markdoc":{"tagList":["openapi-code-sample"]},"type":"markdown"},"seo":{"title":"Revoke Access for a Departed User","keywords":"documentation, api, portal, banking, payment, account information, aritma, psd2, open banking, reconciliation","description":"Developer documentation for Aritma's banking and financial APIs - payments, account information, webhooks, authentication and integrations.","meta":[{"name":"google-site-verification","content":"hplqlK_5O42BZjNnjtVQMEpxv9JkxcD1eH4J1T-NQmI"}],"llmstxt":{"hide":false,"sections":[{"title":"Table of contents","includeFiles":["**/*"],"excludeFiles":[]}],"excludeFiles":[]}},"dynamicMarkdocComponents":["openapi"],"compilationErrors":[],"ast":{"$$mdtype":"Tag","name":"article","attributes":{},"children":[{"$$mdtype":"Tag","name":"Heading","attributes":{"level":1,"id":"revoke-access-for-a-departed-user","__idx":0},"children":["Revoke Access for a Departed User"]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["A user has left your organization. You need to ensure they can no longer access any Aritma resources."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":[{"$$mdtype":"Tag","name":"strong","attributes":{},"children":["Approach:"]}," Find all their policies and delete them. 
If they are in any groups, remove them from those groups."]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"prerequisites","__idx":1},"children":["Prerequisites"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["An access token with IAM admin permissions"]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["The subject ID of the user whose access you want to revoke"]}]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-1-find-all-policies-for-the-user","__idx":2},"children":["Step 1: Find all policies for the user"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"FindPolicies","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Filter by ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["subject"]}," using the user's subject ID. 
Repeat with pagination if the response includes a ",{"$$mdtype":"Tag","name":"code","attributes":{},"children":["cursor"]},"."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-2-delete-each-policy","__idx":3},"children":["Step 2: Delete each policy"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"RemovePolicy","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Repeat for each policy returned in step 1."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-3-check-group-memberships","__idx":4},"children":["Step 3: Check group memberships"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"GetSubjectMemberships","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["This returns all groups the user currently belongs to. 
Group membership may grant additional permissions through group-level policies."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"step-4-remove-from-each-group","__idx":5},"children":["Step 4: Remove from each group"]},{"$$mdtype":"Tag","name":"OpenApiCodeSample","attributes":{"descriptionFile":"oas-apis/platform/iam/openapi/iam-openapi.json","operationId":"RemoveSubjectFromSubjectGroup","language":"curl","parameters":{},"environments":{}},"children":[]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Repeat for each group returned in step 3."]},{"$$mdtype":"Tag","name":"p","attributes":{},"children":["Access is revoked immediately — there is no delay or cache TTL to wait for. To confirm that nothing was missed, repeat steps 1 and 3 and check that they return no policies or group memberships for the user."]},{"$$mdtype":"Tag","name":"hr","attributes":{},"children":[]},{"$$mdtype":"Tag","name":"Heading","attributes":{"level":2,"id":"next-steps","__idx":6},"children":["Next steps"]},{"$$mdtype":"Tag","name":"ul","attributes":{},"children":[{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To delete the user subject entirely, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/guides/user-management#delete-a-user"},"children":["User Management"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To manage groups and their members, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/guides/groups"},"children":["Groups"]}]},{"$$mdtype":"Tag","name":"li","attributes":{},"children":["To review remaining policies across your tenant, see ",{"$$mdtype":"Tag","name":"a","attributes":{"href":"/apis/platform/iam/guides/policies"},"children":["Policies"]}]}]}]},"headings":[{"value":"Revoke Access for a Departed User","id":"revoke-access-for-a-departed-user","depth":1},{"value":"Prerequisites","id":"prerequisites","depth":2},{"value":"Step 1: Find all policies for the user","id":"step-1-find-all-policies-for-the-user","depth":2},{"value":"Step 2: Delete 
each policy","id":"step-2-delete-each-policy","depth":2},{"value":"Step 3: Check group memberships","id":"step-3-check-group-memberships","depth":2},{"value":"Step 4: Remove from each group","id":"step-4-remove-from-each-group","depth":2},{"value":"Next steps","id":"next-steps","depth":2}],"frontmatter":{"title":"Revoke Access for a Departed User","seo":{"title":"Revoke Access for a Departed User"}},"lastModified":"2026-05-08T13:38:07.000Z","pagePropGetterError":{"message":"","name":""}},"slug":"/apis/platform/iam/use-cases/revoke-access","userData":{"isAuthenticated":false,"teams":["anonymous"]},"isPublic":true}