If a Resource Access Management (RAM) role no longer needs specific permissions, you can revoke the permissions from the RAM role. This topic describes how to revoke the permissions from a RAM role.

Note You cannot revoke permissions from service-linked roles by detaching policies from the roles. This is because the policies that are attached to this type of role are defined by the linked cloud services. For more information, see Service-linked roles.

Method 1: Revoke permissions from a RAM role on the Roles page

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Identities > Roles.
  3. On the Roles page, click the name of a specific RAM role.
  4. On the page that appears, click the Permissions tab, find the policies that you want to detach from the RAM role, and then click Remove Permission in the Actions column.
  5. Click OK.

Method 2: Revoke permissions from a RAM role on the Grants page

  1. Log on to the RAM console by using your Alibaba Cloud account.
  2. In the left-side navigation pane, choose Permissions > Grants.
  3. On the Grants page, find the RAM role from which you want to revoke permissions and click Revoke Permission in the Actions column.
  4. Click OK.