Root user removal from Azure

RAJA AHMED
2 min read · Aug 27, 2023

Removal of a root (inherited) user from Azure, using the following 3 CLI methods.


To remove a root (inherited) user from Azure, you need to use one of the following methods:

1- PowerShell:

You can use the `Remove-AzRoleAssignment` cmdlet to remove a role assignment at the root level. For example, to remove the Owner role from a user with the email address user@contoso.com, you can run this command:

```powershell
Remove-AzRoleAssignment -SignInName user@contoso.com -Scope "/" -RoleDefinitionName Owner
```

2- Azure CLI:

You can use the `az role assignment delete` command to delete a role assignment at the root level. For example, to remove the Owner role from a user with the email address user@contoso.com, you can run this command:

```bash
az role assignment delete --assignee user@contoso.com --scope "/" --role Owner
```

3- REST API:

You can use the Role Assignments - Delete REST API to delete a role assignment at the root level. For example, to remove the Owner role from a user with the email address user@contoso.com, you need to first get the object ID of the user and the role definition ID of the Owner role, and then make a DELETE request to this URL:

```http
DELETE https://management.azure.com/{scope}/providers/Microsoft.Authorization/roleAssignments/{roleAssignmentName}?api-version=2015-07-01
```

where `{scope}` is `/`, `{roleAssignmentName}` is a GUID that uniquely identifies the role assignment, and `api-version` is the version of the API.
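For the REST method, the `{roleAssignmentName}` GUID has to come from an existing assignment, and only the one made directly at `/` should be targeted. The following is an added example, not code from the original post: it filters a constructed sample shaped like the JSON that `az role assignment list --all -o json` returns and builds the DELETE URL for the matching root-scope assignment. The function names and sample GUIDs are hypothetical.

```python
import json
import uuid

ARM = "https://management.azure.com"
API_VERSION = "2015-07-01"  # api-version shown on this page

# Constructed sample in the shape of `az role assignment list --all -o json` output.
SAMPLE = json.loads("""
[
 {"name": "11111111-1111-1111-1111-111111111111", "scope": "/",
  "principalName": "user@contoso.com", "roleDefinitionName": "Owner"},
 {"name": "22222222-2222-2222-2222-222222222222",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000",
  "principalName": "user@contoso.com", "roleDefinitionName": "Owner"},
 {"name": "33333333-3333-3333-3333-333333333333", "scope": "/",
  "principalName": "user@contoso.com", "roleDefinitionName": "Reader"},
 {"name": "44444444-4444-4444-4444-444444444444", "scope": "/",
  "principalName": "admin@contoso.com", "roleDefinitionName": "Owner"}
]
""")

def root_assignments(assignments, sign_in_name, role):
    """Assignments made directly at root scope for one user and one role."""
    return [a for a in assignments
            if a.get("scope") == "/"
            and a.get("principalName", "").lower() == sign_in_name.lower()
            and a.get("roleDefinitionName") == role]

def delete_url(assignment):
    """Build the DELETE URL for one assignment, refusing malformed names."""
    name = str(uuid.UUID(assignment["name"]))  # raises ValueError if not a GUID
    scope = assignment["scope"].rstrip("/")    # "/" becomes "" (no double slash)
    return (f"{ARM}{scope}/providers/Microsoft.Authorization/"
            f"roleAssignments/{name}?api-version={API_VERSION}")

def plan(assignments, sign_in_name, role):
    """URLs to DELETE; an empty list means nothing is assigned at root scope."""
    return [delete_url(a) for a in root_assignments(assignments, sign_in_name, role)]

if __name__ == "__main__":
    for url in plan(SAMPLE, "user@contoso.com", "Owner"):
        print("DELETE", url)
```

The subscription-scope Owner assignment and the other principal's root assignment are left out of the plan, so reviewing the printed URLs before sending anything confirms that only the intended root-level grant is removed.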
