# Remove member

**DELETE** `/users/{userId}`

Removes a member from the active workspace roster. The user row is
retained for historical actor references, active application sessions
are revoked, and the member no longer appears in the workspace user
roster.

Authentication: bearerAuth
Required scopes: `user:disable`
Allowed roles: `owner`, `admin`
Authorization: Remove a member from the workspace.

## Parameters

- `userId` (path string, required)

## Responses

- `204`: Member removed
- `400`: Invalid request. Codes:
  - `auth_member_self_removal_forbidden` — caller targeted themselves
- `403`: Caller lacks authority for this member removal. Codes:
  - `auth_authz_member_remove_denied` — matrix rejects the remove action
  - `auth_member_removal_forbidden` — caller cannot remove an Owner target
- `404`: Target user not found in the caller's tenant. Code:
  - `auth_user_not_found`
- `409`: Tenant invariant would be violated. Code:
  - `auth_user_last_owner_required` — removal would leave zero active Owners
- `default`: Error
