remove_realm_role_from_user
Remove assigned realm roles from a Keycloak user by specifying the user ID and role names. Supports custom realm configuration for targeted role management.
Instructions
Remove realm roles from a user.
Args:
user_id: User ID
role_names: List of role names to remove
realm: Target realm (uses default if not specified)
Returns:
Status message
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| realm | No | ||
| role_names | Yes | ||
| user_id | Yes |
Implementation Reference
- src/tools/role_tools.py:239-265 (handler)The core handler function that executes the tool: fetches the role representations and sends a DELETE request to Keycloak's user role-mappings endpoint to remove the roles from the user.async def remove_realm_role_from_user( user_id: str, role_names: List[str], realm: Optional[str] = None ) -> Dict[str, str]: """ Remove realm roles from a user. Args: user_id: User ID role_names: List of role names to remove realm: Target realm (uses default if not specified) Returns: Status message """ # Get role representations roles = [] for role_name in role_names: role = await client._make_request("GET", f"/roles/{role_name}", realm=realm) roles.append(role) await client._make_request( "DELETE", f"/users/{user_id}/role-mappings/realm", data=roles, realm=realm ) return { "status": "removed", "message": f"Roles {role_names} removed from user {user_id}", }
- src/tools/role_tools.py:238-238 (registration)The @mcp.tool() decorator registers this function as an MCP tool named 'remove_realm_role_from_user' based on the function name, with schema inferred from type hints and docstring.@mcp.tool()