Flow Studio
Revoking Access
Remove an actor's access to a workflow immediately. Revocation is soft — the policy row is retained with a RevokedAt timestamp for audit trail purposes.
Revoke API
DELETE /api/processes/{processId}/access/{policyId}
Authorization: Bearer {ownerToken}
Or by actor:
DELETE /api/processes/{processId}/access?actorId=user-abc123&actorType=User
Authorization: Bearer {ownerToken}
Soft Delete Behaviour
The policy row is not deleted from the database. Instead, RevokedAt is set to the current UTC time. The access checker excludes rows where RevokedAt IS NOT NULL. This means:
- Revocation is immediate — the actor loses access on the next API call.
- The audit log retains the full grant/revoke history.
- Re-granting the same actor creates a new row (the old revoked row is kept).
Revoking an Owner
You cannot revoke the last Owner of a workflow. The API returns 409 Conflict if the revoke would leave the workflow Owner-less. To remove an Owner, first promote another actor to Owner, then revoke the first.
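The soft-delete rules and the last-Owner check described above, modelled on an in-memory SQLite table as an added example (not Flow Studio's own code). Only RevokedAt, the Owner role and the 409 status come from this page; the AccessPolicy table, its other columns, and the 204 and 404 statuses are assumptions.

```python
import sqlite3

def new_db():
    # Assumed schema: only the RevokedAt column is named on the page.
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE AccessPolicy (
        Id INTEGER PRIMARY KEY, ProcessId TEXT, ActorId TEXT,
        Role TEXT, GrantedAt TEXT, RevokedAt TEXT)""")
    return db

def grant(db, process_id, actor_id, role):
    # A re-grant always inserts a new row; revoked rows are never reused.
    cur = db.execute(
        "INSERT INTO AccessPolicy (ProcessId, ActorId, Role, GrantedAt) "
        "VALUES (?, ?, ?, datetime('now'))", (process_id, actor_id, role))
    return cur.lastrowid

def has_access(db, process_id, actor_id):
    # The access check ignores every row that carries a RevokedAt value.
    return db.execute(
        "SELECT 1 FROM AccessPolicy WHERE ProcessId = ? AND ActorId = ? "
        "AND RevokedAt IS NULL", (process_id, actor_id)).fetchone() is not None

def revoke(db, policy_id):
    """Soft-revoke one policy row and return an HTTP-style status code."""
    row = db.execute(
        "SELECT ProcessId, Role FROM AccessPolicy "
        "WHERE Id = ? AND RevokedAt IS NULL", (policy_id,)).fetchone()
    if row is None:
        return 404  # assumed status for an unknown or already revoked policy
    process_id, role = row
    if role == "Owner":
        active_owners = db.execute(
            "SELECT COUNT(*) FROM AccessPolicy WHERE ProcessId = ? "
            "AND Role = 'Owner' AND RevokedAt IS NULL", (process_id,)).fetchone()[0]
        if active_owners <= 1:
            return 409  # revoke would leave the workflow Owner-less
    # With concurrent writers, the count and the update need one transaction.
    db.execute("UPDATE AccessPolicy SET RevokedAt = datetime('now') "
               "WHERE Id = ?", (policy_id,))  # datetime('now') is UTC in SQLite
    return 204  # assumed success status

def history(db, process_id, actor_id):
    # Audit view: every grant for the actor, revoked or not, oldest first.
    return db.execute(
        "SELECT Id, Role, RevokedAt FROM AccessPolicy "
        "WHERE ProcessId = ? AND ActorId = ? ORDER BY Id",
        (process_id, actor_id)).fetchall()
```

Querying history() after a revoke and re-grant returns two rows for the actor, the first with RevokedAt set and the second without, which is the trail an auditor would review.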
In-progress executions: Revoking access does not cancel running executions. If a user is executing a workflow when their access is revoked, the current execution continues to completion. Future execution attempts will be rejected.
Bulk Revoke (Admin)
Tenant Admins can remove a user's access from all workflows in the tenant — useful when offboarding a user:
DELETE /api/tenants/{tenantId}/actors/{userId}/access
Authorization: Bearer {tenantAdminToken}