How you revoke a user's access depends on how their account was granted access:
- Cyral ephemeral access grant: If the user was given access via a Cyral ephemeral access grant (just-in-time grant), you can revoke the grant in the Cyral control plane UI by navigating to Repositories, clicking your repository's name, and selecting the User Grants tab. Find the session you want to revoke, and click Revoke.
- Database-native credentials: If the user logged in via Cyral using native database credentials, the database administrator can disable the user's account in the database. (That is, disable the database user account just as you would in a non-Cyral environment.)
- SSO credentials: If the use logged in via SSO, you can disable their ability to connect in one of two ways: (a.) in your identity management platform, remove their membership in the user group that granted them access to the repository; or (b) disable their account in the identity platform.