When you remove a group from a role, access is revoked for all members of the group. The Roles section of the user and the group profile pages is updated to remove the role.
Individual member of a group cannot be removed from a role. To remove a member of a group from a role, remove the user from the group.
If a user in the group was directly assigned to the role, when the group is removed from the role, the administrator role is maintained for the user.
- In the VMware Identity Manager console Users and Groups tab, select Groups and then the group name.
The Profile page, Roles row lists all the roles assigned to this group.
- In the Roles row, click here.
You are redirected to the Roles page.
- Select the role and click Assign.
- Click X next to the group name.
- Click Save.
The group is removed from the role. The role is removed from the group profile and from each member profile.
Example: Example of Removing Groups from a Role
Group A, which includes User1, User2, and User3, is assigned to the Directory Admin role. The Group A, User1, User2, and User3 profiles are updated to reflect the Directory Admin role in their profile pages.
User2, also is directly assigned to the Directory Admin role.
You revoke access to Group A. Group A, User1, and User3 are removed from the role and the role is removed from these profile pages.
Because User2 was directly assigned to the Directory Admin role, User2 is still assigned to the Directory Admin role.