Revoking Access
Witboost empowers owners with the ability to revoke access to certain users or groups who have previously been granted access to a resource.
An example of how to configure a revoke access template can be found here. For a complete user interface tour of a revoke process you can navigate to the user manual.
Prerequisites
To revoke access to a resource, you need to meet the following requirements:
- The platform team has enabled the
mesh.marketplace.ui.accessControl.enableRevokeRequestconfiguration in your Witboost settings. - The platform team has previously imported a revoke template in Witboost.
Revoking an access
The owner can access the Access Control panel in the Marketplace by opening the data product page.
Then he can select an output port for which there is an active access granted, and click on the revoke button. A modal appears letting the owner select which are the identities for which the access should be revoked. When the user sends the revoke request, this follows the regular flow:
- if a remote hook is set, the remote service will be invoked with the revoke request
- if the action handler uses the internal notifications, the internal flow is performed (and the technology adapters are invoked in case this is the configured behavior)
After the revoke operation completes successfully, the owner will see the updated rows in the Access Control table.
Remember that the Platform Team must register a valid Revoke Access Template for the revoke functionality to be enabled. You can learn more about this template in the dedicated section.
Locked users and groups
This kind of users/groups are created only during the provisioning phase (See Access Control Modes). They have the characteristic of not be able to be revoked since it is a matter of the external ACL service of doing it. The only way to revoke the access to them is to unprovision the resource they belong to.