Revoke Access

revoke access

Administrators and Workspace Owners can view/revoke the access of users and access tokens at any time.

This article outlines instructions for user sessions using Wayfinder's Web Interface or CLI.

CLI Instructions

To view or revoke live sessions

1. List all live sessions in your workspace:

   wf sessions --all

NAME                                                               ROLE               CLUSTER      NAMESPACE                   USER               EXPIRES AT              AGE
namespace.admin.aks-opdar.azure-demo-app-test-env5.name.tahh9dx    namespace.admin    aks-opdar    azure-demo-app-test-env5    name@appvia.io     2023-04-20T17:11:13Z    93m

2. To revoke access, find the username whose access you want to revoke in the USER column, and then delete the session using the value in the NAME column:

   wf sessions NAME --revoke

   The session name is the assumption policy associated with that user's assumed role session.

Web Interface Instructions

To view or revoke live sessions in Wayfinder's web interface

1. Select Workspaces > Your-Workspace-Name, then navigate to Settings and select the Live access sessions tab

   This page shows all live sessions on all clouds for your workspace, including:

   • Session name
   • Subject - the username of the user who has access in this session
   • Role - the role this user has assumed
   • Cluster/Namespace - the cluster and namespace being accessed
   • Expires - the amount of time left on this session to access the cluster
   • Session status

2. To revoke access, find the username whose access you want to revoke, and then click the Revoke access button for that username.

Screenshot(s)

• View live sessions

• Revoke a live sessions

Related Reading

• About global and workspace policies
• View access policies
• Create access policies
• Update access policies
• Enable or disable an access policy
• Delete a policy
• Learn about live sessions