Use Tanzu Mission Control to remove the custom roles created for your organization.

As an administrator, you can delete custom roles from your organization. If a role is currently in use in an access policy, you cannot delete the role, but you can tag the role as deprecated so that it can't be added to access policies.


Make sure you have the appropriate permissions.
  • To delete a custom role, you must be associated with the orginization.admin role for the organization.

Log in to the Tanzu Mission Control console, and then go to the Administration page.

Before you can delete a custom role, you must remove the role from any access policy that currently uses it.


  1. On the Administration page in the Tanzu Mission Control console, click the Roles tab.
  2. Click on the custom role you want to delete.
    You cannot delete the Tanzu built-in roles.
  3. On the custom role detail page, click Actions (on the top right of the page), and then choose Delete from the dropdown.
  4. In the confirmation dialog, enter the name of the role, and then click Delete.
    If the role is currently used by an access policy, it cannot be deleted. If the policy you are trying to delete is in use, Tanzu Mission Control displays a list of the policies that use it. Click View Policy to go to the policy and remove all role bindings that use the custom role before deleting it.
  5. Click Delete.