An Administrator role in Workspace ONE Access can be revoked from the specific role’s Assign page. You can revoke all roles that are assigned to a user from the user’s profile page.
You can remove the group from the role, to revoke the role for all members of the group. You cannot remove a role from a specific member of the group. To remove a user from the role, you remove the user from the group.
Remove Workspace ONE Access Administrator Role from Individual Users
A super administrator or an admin with the roles administration role can remove an administrator user from a role in the Workspace ONE Access service.
- In the Workspace ONE Access console page, select the user name. All the roles assigned to this user are listed in the section.
- Click EDIT and deselect the check box for the roles to revoke.
- Click NEXT to navigate to the Summary page and then click SAVE.
The user is removed from the role and the role is removed from the user profile.
Remove a Group from a Workspace ONE Access Admin Role
When you remove a group from a role, access is revoked for all members of the group. The Roles section of the user and the group profile pages is updated to remove the role.
Individual member of a group cannot be removed from a role. To remove a member of a group from a role, remove the user from the group.
- In the Workspace ONE Access console
In the Group Info page, the Roles section lists all the roles assigned to this group.
page, select the group name from the list .
- In the Roles section, click here.
You are redirected to the Roles page.
- Select the role and click Assign.
- Click X next to the group name to remove the group from the role.
- Click Save.
Removing Groups from a Role
Group A, which includes User1, User2, and User3, is assigned to the Directory Admin role. The Group A, User1, User2, and User3 profiles are updated to reflect the Directory Admin role in their profile pages.
User2, also is directly assigned to the Directory Admin role.
You revoke access to Group A. Group A, User1, and User3 are removed from the role and the role is removed from these profile pages.
Because User2 was directly assigned to the Directory Admin role, User2 is still assigned to the Directory Admin role.