Revoking User or Access Token Access
As a workspace owner, you can immediately revoke access for users or access tokens in your workspace.
- Users get access by assuming roles or accessing a cluster.
- Workspace and Platform Access Tokens get access when users assign roles to them. In addition, workspace access tokens get access when the developer switches the access token to enabled during the application deployment process.
View or revoke user access
You can see which users currently have permissions to access clusters in your workspace by viewing live sessions. A live session starts when a user has requested access permissions by running either of these commands:
As a workspace owner, you can then revoke any live session if needed.
View or revoke an Access Token's access
You can remove an Access Token's access in two ways:
- Remove the Access Token all together
- Remove a particular access right from the Access Token
You can see what access an Access Token has in your workspace by listing the policies for the role(s) assigned to that Access Token. As a workspace owner, you can then revoke the Access Token's access by deleting the relevant assignment policy. For more information, see Access Tokens.
To delete the Workspace Access Token:
wf delete workspaceaccesstoken TOKEN-NAME
To keep the workspace Access Token, but revoke the Access Token's access:
You can revoke the assignment policy as follow:
-
Get the assignment policy for the access token you want:
wf get accessrolebindings --workspace-access-token TOKEN-NAME➜ ~ wf get accessrolebindings --workspace-access-token azure-demo-app.test-env5.deploy
NAME STATUS AGE
azure-demo-app.test-env5.deploy-cluster.deployment-readonly Success 17h
azure-demo-app.test-env5.deploy-namespace.deployment Success 17h -
To revoke the Access Token's access, delete its assignment policy (in the
NAMEcolumn):wf delete accessrolebindings --workspace-access-token TOKEN-NAMEwf delete accessrolebinding azure-demo-app.test-env5.deploy-namespace.deployment