do the same to delete

api/src/Controllers/UsersController.cs

@@ -67,7 +67,7 @@ public class UsersController : ControllerBase {
     }
 
     [Authorize(Policy = Permission.SensitiveData_Modify)]
-    [HttpDelete("{id}/permission")]
+    [HttpDelete("{id}/{permission}")]
     public async Task<ActionResult> removePermission(string id, string permission) {
 
         var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);

client/src/api/UsersApi.ts

@@ -10,6 +10,6 @@ export const getUser = (id: string) => api.get<UserDto>(`${API_URL}/${id}`);
 
 export const deleteUser = (id: string) => api.delete<UserDto>(`${API_URL}/${id}`);
 
-export const removePermission = (id: string, permission: string) => api.delete(`${API_URL}/${id}/permission`)
+export const removePermission = (id: string, permission: string) => api.delete(`${API_URL}/${id}/${permission}`)
 
 export const addPermission = (id: string, permission: string) => api.post(`${API_URL}/${id}/${permission}`)