DELETE /users/<sid>

Deletes the user with the specified ID, regardless of whether they are a user defined in PE RBAC (local) or a user defined by a directory service (remote). Authentication is required.

The admin user and the api_user can't be deleted. The API user is for service-to-service authentication within PE. It cannot be used with the standard login, and it is only available through certificate-based authentication. The RBAC allow list identifies (by certname) the certificates you can use for API user authentication.

Request format

When Forming RBAC API requests to this endpoint, the URI path must include the ID of the user you want to delete from the PE console. For example:

curl -X DELETE "https://$(puppet config print server):4433/rbac-api/v1/users/76351f96-3d89-4947-bde9-bc3d86542839" \
-H "X-Authentication:$(puppet-access show)"

Response format

If the user is successfully deleted, the endpoint returns a 204 No Content response.

When removing directory service users (remote users), this action removes the user from the PE console, but the user is still able to log in if they are not revoked. When a non-revoked directory service user logs in, their account is re-added to the console. Make sure to use the POST /command/users/revoke endpoint to revoke the user's access.

Error responses

If the requesting user (based on the authentication in the request) does not have the users:edit permission for the specified user, the endpoint returns a 403 Forbidden response.

If there is no user with the provided ID, the endpoint returns a 404 Not Found response.

For other errors, refer to RBAC service errors .