Revoke Grants for a Subject
Available since
- v5.4.2 and later
Endpoint: DELETE /api/auth/subjects/{subjectType}/{subjectId}/grants
Revokes all per-instance grants for a subject. Optionally scoped to a specific resource type. Useful for cleanup when a role-level permission is revoked and the associated per-instance grants need to be cleared as well.
Path parameters
| Parameter | Description | Type | Required/ Optional |
|---|---|---|---|
| subjectType | The type of subject whose grants are being revoked. Supported values:
| string | Required. |
| subjectId | The unique identifier of the subject (e.g., user email, role name, or group name). | string | Required. |
Query parameters
| Parameter | Description | Type | Required/ Optional |
|---|---|---|---|
| resourceType | Filter the revocation by resource type. If not specified, all per-instance grants across all resource types are revoked for the subject. Supported values:
| string | Optional. |
Response
Returns a confirmation message.
Examples
Revoke grants for a subject
Request
curl -X 'DELETE' \
'https://<YOUR-SERVER-URL>/api/auth/subjects/USER/jane.doe%40acme.com/grants?resourceType=WORKFLOW_DEF' \
-H 'accept: application/json' \
-H 'X-Authorization: <TOKEN>'
Response
{
"message": "Revoked grants"
}