From 9fc2925b00cfe2a33cf0cb83c326f703e5a85348 Mon Sep 17 00:00:00 2001
From: wangxiaolei <fatelei@gmail.com>
Date: Thu, 25 Jun 2026 10:08:07 +0800
Subject: [PATCH] feat: delete member delete rbac binding (#37904)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
---
 api/services/account_service.py         |  3 +++
 api/services/enterprise/rbac_service.py | 11 +++++++++++
 2 files changed, 14 insertions(+)

diff --git a/api/services/account_service.py b/api/services/account_service.py
index 7ab757040bb..445b1acd3b9 100644
--- a/api/services/account_service.py
+++ b/api/services/account_service.py
@@ -1788,6 +1788,9 @@ class TenantService:
                 account_id,
             )
 
+        if dify_config.RBAC_ENABLED:
+            RBACService.MemberRoles.delete_rbac_bindings(tenant_id=tenant.id, account_id=account_id)
+
     @staticmethod
     def update_member_role(
         tenant: Tenant, member: Account, new_role: str, operator: Account, *, session: scoped_session | Session
diff --git a/api/services/enterprise/rbac_service.py b/api/services/enterprise/rbac_service.py
index af6f79948d7..1072c7051b0 100644
--- a/api/services/enterprise/rbac_service.py
+++ b/api/services/enterprise/rbac_service.py
@@ -1685,6 +1685,17 @@ class RBACService:
             )
             return MemberRolesResponse.model_validate(data or {})
 
+        @staticmethod
+        def delete_rbac_bindings(tenant_id: str, account_id: str):
+            data = _inner_call(
+                "DELETE",
+                f"{_INNER_PREFIX}/members/rbac-bindings",
+                tenant_id=tenant_id,
+                account_id=account_id,
+                params={"account_id": account_id},
+            )
+            return data
+
     class CheckAccess:
         """Call the ``/inner/api/rbac/check-access`` endpoint."""