Skip to main content
Version: 3.0

Revoke Access of a Role

Applicable to both Classic and Federated modes

When a role’s access is no longer needed or security protocols require access limitations, you can revoke a role from a user or a group. This removes the access privileges linked to the role from the user or group, and they can no longer perform the tasks they previously could with the revoked role.

Prerequisites

  • You must have the super admin role to revoke roles from other users or groups. Only a super admin can revoke any role, including other super admin roles.

  • Identify the user or group whose role you want to revoke.

  • Verify the role's responsibilities to ensure that revoking the role does not impact the critical workflows or access to the resources they might still need.

note
  • Revoking a super admin role involves removing a user's or group's highest-level administrative privileges within the Portworx Backup ecosystem. This role typically has unrestricted access to all Portworx Backup resources (including RBAC and non-RBAC), so careful planning is required when revoking it to avoid unintended disruptions or security issues.
  • To avoid a gap after revoking a Portworx Backup role (either default roles or custom roles), Portworx recommends having at least one or two other super admins with equivalent access before removing the role of the identified user. If no other super admin role exists in Portworx Backup, consider creating one before proceeding.

Revoke role of a user

To revoke a role of a user from Portworx Backup web console, perform the following steps:

  1. From the home page, go to the left navigation pane.

  2. At the bottom of the left navigation pane, click User Profile > User Management.

  3. From the User Management page, navigate to User > Users tab and find the user you want to revoke the role from.

  4. Navigate to the end of the identified user's row, click Vertical Ellipsis, and select Manage Roles.

  5. In the Manage Roles window, click the X icon to revoke the role as shown in the following illustration:

  6. Click Save.

The Portworx Backup web console displays a notification message when the role is successfully revoked for the chosen user.

note

Role revocation takes effect for new sessions only. Any active session the user currently has open retains their previous access until the session ends or they log out.

Verify that the revoked user no longer has access to Portworx Backup resources or data that were previously accessible.

The above procedure remains the same regardless of the role you want to revoke for a user.

Revoke role of a group

To revoke a role of a group from Portworx Backup web console, perform the following steps:

  1. From the home page, go to the left navigation pane.

  2. At the bottom of the left navigation pane, click User Profile > User Management.

  3. From the User Management page, navigate to User > Groups tab and find the group you want to revoke the role from.

  4. Navigate to the end of the identified group's row, click Vertical Ellipsis, and select Manage Roles.

  5. In the Manage Roles window, click the X icon to revoke the role associated with the group as shown in the following illustration:

  6. Click Save.

The Portworx Backup web console displays a notification message when the role is successfully revoked for the chosen group.

Related Topics

Last updated on