Revoke access
Revoking is one click on the team page. The interesting part is what it triggers behind the scenes — and when reducing a role is the better answer than removing the member entirely.
Revoke vs reduce
Both options live next to each member on the team page. Picking between them depends on what the member will still do:
- Reduce role when the person still belongs on the tenant but should no longer change rules — they moved off the data team but still consume the dashboard, for example. Reduce to viewer.
- Revoke when the person no longer belongs on the tenant at all. Job change, contract ended, project moved to a different team.
What stops working the moment you revoke
- Their App access to this tenant. The next page load they attempt returns a not-authorized response; the rest of their App (other tenants they're still on, their profile) is unaffected.
- Their personal access tokens scoped to this tenant. Any PAT they minted that included this tenant in its scope stops authenticating against this tenant's API surface. PATs scoped to other tenants they still have access to keep working.
- Any short-lived JWT exchanged from one of those PATs. Same story — the moment the underlying PAT loses authorization, the JWT's claims aren't enough on their own.
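A minimal model of the behaviour in the list above, as an added example and not Airbrx's implementation: the authorization check re-validates the parent PAT and the live tenant membership on every request, so an unexpired JWT stops authorizing once the member is revoked. The `Directory` class, its method names, and the sample emails, token ids and tenant names are hypothetical.

```python
import time
from dataclasses import dataclass, field

@dataclass
class Directory:
    """Toy model: tenant membership, PAT scopes, and JWTs exchanged from PATs."""
    members: dict = field(default_factory=dict)  # (email, tenant) -> role
    pats: dict = field(default_factory=dict)     # pat_id -> (owner email, tenant set)

    def exchange(self, pat_id, ttl=300):
        """Exchange a PAT for short-lived JWT-style claims (signing omitted)."""
        owner, tenants = self.pats[pat_id]
        return {"sub": owner, "pat": pat_id, "tenants": sorted(tenants),
                "exp": time.time() + ttl}

    def revoke(self, email, tenant):
        """Remove the member from one tenant; other memberships are untouched."""
        return self.members.pop((email, tenant), None)

    def authorize(self, claims, tenant):
        """Claims alone are not enough: re-check the parent PAT and live membership."""
        if claims["exp"] <= time.time():
            return False
        pat = self.pats.get(claims["pat"])
        if pat is None or pat[0] != claims["sub"]:
            return False
        if tenant not in claims["tenants"] or tenant not in pat[1]:
            return False
        return (claims["sub"], tenant) in self.members

def demo():
    d = Directory()
    # Constructed sample data: one user on two tenants, one PAT per tenant.
    d.members[("dana@example.com", "tenant-a")] = "editor"
    d.members[("dana@example.com", "tenant-b")] = "viewer"
    d.pats["pat-1"] = ("dana@example.com", {"tenant-a"})
    d.pats["pat-2"] = ("dana@example.com", {"tenant-b"})
    jwt_a, jwt_b = d.exchange("pat-1"), d.exchange("pat-2")
    before = d.authorize(jwt_a, "tenant-a")
    role = d.revoke("dana@example.com", "tenant-a")
    # The same unexpired jwt_a is now rejected; tenant-b access is unaffected.
    return before, role, d.authorize(jwt_a, "tenant-a"), d.authorize(jwt_b, "tenant-b")

if __name__ == "__main__":
    print(demo())
```

The design point is that `authorize` treats the token's claims as a cache hint rather than the source of truth, which is what lets a revoke take effect before the JWT's `exp`.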
What doesn't change
- The traffic they generated. Recorded traffic stays in place — that's audit data, not personal data, and it persists with the user's email so the history is readable.
- Rules they authored. Rules belong to the tenant, not the author. They survive revoke; the audit trail still records who authored them.
- Markers they posted. Same — markers belong to the tenant.
If you might re-invite them later
Revoking and later re-inviting is the right pattern. The member's Airbrx login is untouched; the second invite picks up exactly the way the first did. You don't need to "keep them around at viewer level" against future need — that's cargo-culted from systems that didn't have clean revoke semantics.
Bulk revoke during an offboarding
For an employee who's leaving the company, the cleanest move is to walk every tenant they're a member of and revoke from each. The team page shows their full membership in one row once filtered by email. Pair this with a sweep of any PATs they minted that aren't tenant-scoped (account-wide tokens are revoked through the API explorer).
Audit trail
Every revoke is recorded with the actor, the affected member, the role at the time of revoke, and the timestamp. Audit events surface in the team page's history strip and in the analytics audit endpoint. Don't rely on screenshots for compliance evidence — the underlying record is authoritative.
Where to go next
- Invite someone to a tenant — the inverse path.
- Scope a token — the cube that determines what survives a revoke.
- Security posture — tenant isolation in concept terms.