Skip to content

Requesting Access Removal

You can submit a request to revoke your own access and, if you are a manager, for your team. From the My Access page, you can submit revocation requests for your own access to roles and access profiles.

As a manager, you can request the revocation of a team member’s access to roles and access profiles from the My Team page. For example, your team member may be switching to a different team or project and no longer requires that access.

If you have the Access Revoker user level, you can submit a revocation request for anyone. Refer to Managing Access for details about submitting removal requests as an Access Revoker.

Notes

You cannot submit access revocation requests for the following:

  • Roles granted by membership criteria
  • Access profiles granted through role membership

If removed, these roles and access profiles are automatically reassigned upon nightly refresh. Refer to Automating Role Assignment for more information.

Requesting Role Revocation

Roles may be revoked if they are granted by an access request. Those granted by criteria assignment may not be revoked.

  1. From the dashboard, select My Access to revoke your own access or My Team to revoke access from someone on your team.
  2. If you selected My Team, select an identity from the list of your team members.

  3. On the identity details page, select the Roles tab.

    List of team members. The Roles tab displays 4 granted roles, with descriptions and Role Owners.

  4. Select the name of the role that you want to request revocation of.

  5. On the left navigation, select an Assignment to review its details, including which accounts it was assigned to.

    Role Assignment page, including an expiration date with the Edit option and the Revoke Assignment button.

  6. If a role assignment was granted by a request, it is revocable. Select Revoke Assignment.

  7. Enter a comment explaining why this access should be removed. Removal requests require comments.
  8. Select Submit Request.

If the request doesn't require approval, the identity’s access removal will be triggered. If the request requires approval, the request will be sent to a reviewer. You’ll receive an email when they have approved or denied your request.

Editing an Access Expiration Date

If the assignment has an expiration date, you can submit a request to change that date. On the Assignment Details page, locate the expiration date and select Edit. Select a new expiration date, add comments, and select Submit Request.

Requesting Access Profile Revocation

Access profiles that are not connected to a role assignment may be revoked. Because access profiles can only be assigned once per identity, the access profile flow is simpler, displaying the item details in an overlay that includes a revoke option if the assignment is revocable.

  1. From the dashboard, select My Access to revoke your own access or My Team to revoke access from someone on your team.
  2. If you selected My Team, select an identity from the list of your team members.

  3. On the identity details page, select the Access Profiles tab.

    List of team members. The Access Profiles tab displays 8 granted access profiles, with source, descriptions, and expiration date.

  4. Select the name of the access profile you want to request to have revoked.

    List of access profiles with an overlay of the selected access profile, including the Request Removal button.

    Note

    Access profiles that are marked as not revocable are included as part of a role assignment. They cannot be revoked because the role's requirements would cause them to be automatically reassigned upon nightly refresh.

  5. Select Request Removal.

  6. Enter a comment explaining why this access should be removed. Removal requests require comments.

    Revoke Access panel with a mandatory comment box.

  7. Select Submit to submit your access removal request.

If the request doesn't require approval, the identity’s access removal will be triggered. If the request requires approval, the request will be sent to a reviewer. You’ll receive an email when they have approved or denied your request.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.