role unassign

  • Updated on Jan 30, 2026
  • Published on Jan 28, 2026
  • 1 minute(s) read
Prev Next

This command removes permissions from a role.

Usage
role unassign --id ID
              {--realm REALM| {--object-type OBJECT_TYPE --object-id OBJECT_ID}}
              [--permissions create|view|edit|delete]
Required Parameters

--id

Specifies the role.

Options

--realm REALM

Specify a realm of VMS objects. Possible values:

  • events. This realm includes alarms, events, event definitions and global event definition settings.

  • hardware. This realm includes the cluster object and all infrastructure components.

  • logical. This realm includes virtual IPs for network access, DNS service, Element Store views for protocol access, directory and user quotas, data protection features except for indestructibility, and S3 life cycle rules.

  • monitoring. This realm includes analytics reports, capacity usage estimations, data flow analytics.

  • security. This realm includes users and groups for data client access, authentication providers, VMS Role Based Access Control (RBAC), indestructibility for snapshots and protection policies, S3 identity policies, and VAST Data Support tunnels for remote support access.

  • settings. This realm includes VMS settings.

  • support. This realm includes Call Home configuration, support bundles, licenses, envs, and modules.

--object-type OBJECT

Use this parameter together with --object-id to specify an object. In this case, the command will remove permission to access a specific object.

Examples of objects are:

  • cluster

  • cnode

  • dnode

  • dbox

  • cbox

  • view

  • viewpolicy

  • quota

  • vippool

  • eventdefinition

  • ldap

For example, if you want to remove permission to access a given view, you would specify --object-type view and then provide the view's view ID as --object-id.

--object-id OBJECT_ID

Specify an object ID of the type specified by --object-type.

For example: --object-id 3

--permissions create|view|edit|delete

Include this parameter to specify a specific type of permission. Omit this parameter to remove all types.

Example

The following example removes all permissions to the security realm:

vcli: admin> role unassign --id 2 --realm security
Related articles
  • role unassign
    VAST Cluster > Version 5.3 > VAST Cluster 5.3 CLI Command Reference > role commands
  • role unassign
    VAST Cluster > Version 5.2 > VAST Cluster 5.2 CLI Command Reference > role commands
  • role unassign
    VAST Cluster > Version 5.1 > VAST Cluster 5.1 CLI Command Reference > role commands