servicecatalog/aws.sdk.kotlin.services.servicecatalog/ServiceCatalogClient/disassociatePrincipalFromPortfolio

disassociatePrincipalFromPortfolio

abstract suspend fun disassociatePrincipalFromPortfolio(input: DisassociatePrincipalFromPortfolioRequest): DisassociatePrincipalFromPortfolioResponse

Disassociates a previously associated principal ARN from a specified portfolio.

The PrincipalType and PrincipalARN must match the AssociatePrincipalWithPortfolio call request details. For example, to disassociate an association created with a PrincipalARN of PrincipalType IAM you must use the PrincipalType IAM when calling DisassociatePrincipalFromPortfolio.

For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal.

For more information, review associate-principal-with-portfolio in the Amazon Web Services CLI Command Reference.

If you disassociate a principal from a portfolio, with PrincipalType as IAM, the same principal will still have access to the portfolio if it matches one of the associated principals of type IAM_PATTERN. To fully remove access for a principal, verify all the associated Principals of type IAM_PATTERN, and then ensure you disassociate any IAM_PATTERN principals that match the principal whose access you are removing.