4.4 Revoking Permissions

If you no longer need access to a role or a resource, you can revoke the permission to that role or resource. To revoke a permission, navigate to Access > Permissions and select the required permission and specify a reason for revoking the permission.

You can also revoke a permission on behalf of other users. For example, if your team member has moved from Department 1 to Department 2, and the team member does not need access to a particular resource any longer, Identity Manager provides the facility to revoke the permission for that user. To revoke a permission, select Others and remove the permission. You can revoke multiple permissions at one time.You can add these permission to a queue for reviewing them before deciding to revoke them.

Only the administrator and a team manager can revoke permissions for other users. An administrator can revoke permissions for any user in the organization while a team manager can revoke permissions only for his team members.

You can revoke permissions for other users through the following ways:

  • Search by user: Allows you to search for a user and revoke permissions for that user. You can directly revoke a permission for the user or add the permission to a queue. A queue is a persistent work area where you can temporarily store permissions that you can review and revoke if required. You can then search for other permissions that you want to revoke for that user and add them to the queue. This allows you to revoke all permissions at one time.

  • Search by permissions: Allows you to search for a specific permission. If you select a permission, it will list all the users who have that permission. You can directly revoke the permission for the selected user or add this permission to a queue and revoke that permission for multiple users at one time.

Team Manager: If you are a team manager, you can revoke permissions of your team members in the Others tab. Ensure you have required permissions to revoke others permissions.

Administrator: If you are an administrator, you can add revoke permissions for a team manager. For example, if you want to add revoke a role from a user permission for a team manager. Go to People > Teams, edit the team permissions to enable revoke permissions for a team manager.

Figure 4-2 Example to Add Revoke Permission for a Team Manager

This option allows the team manager to revoke the selected role from the team members.

NOTE:If you revoke a permission, your permissions list might not immediately reflect the change. This may be because the permission is associated with a revoke process which can take time. Refresh the list to view the changes.

For more information, click on the Dashboard.