WF-113: Auditor Access Revocation

Workflow ID: WF-113 Category: Security & Compliance Priority: P1 Last Updated: January 11, 2026

---

Overview

This workflow handles the removal of auditor read-only access upon completion of audit engagements, ensuring audit trails are preserved and compliance reporting is generated.

---

Trigger Events

• Audit engagement end date reached
• Manual revocation by admin
• Auditor request for access removal
• Compliance period expiration

---

Sequence Diagram

---

Process Steps

1. Pre-Revocation

Admin Actions:

1. Navigate to Team Management > Auditors
2. Select auditor to revoke
3. Confirm revocation intent
4. Optionally set effective date

System Validations:

Check	Purpose
Active audit period	Warn if audit still active
Pending reports	Ensure reports are complete
Admin permissions	Verify requester can revoke

2. Access Snapshot

Before revocation, system captures:

{
  "auditor_id": "aud_123",
  "snapshot_date": "2026-01-11T12:00:00Z",
  "access_granted": "2025-11-01T00:00:00Z",
  "resources_accessed": [
    "audit_logs",
    "compliance_reports",
    "user_activity"
  ],
  "last_access": "2026-01-10T15:30:00Z",
  "total_queries": 1247,
  "data_exported": false
}

3. Audit Trail Preservation

Retained Data (Immutable):

Data Type	Retention Period	Purpose
Access logs	7 years	Compliance
Query history	7 years	Evidence
Export records	7 years	Data tracking
Session logs	7 years	Activity proof

Storage: Encrypted, append-only audit storage

4. Permission Revocation

Actions:

1. Revoke auditor role from user
2. Remove from all audit-enabled resources
3. Invalidate active sessions
4. Revoke API tokens
5. Remove from audit group

5. Compliance Report Generation

Report Contents:

## Audit Engagement Summary

Auditor: [Name]
Engagement Period: Nov 1, 2025 - Jan 11, 2026
Resources Accessed: audit_logs, compliance_reports
Total Queries: 1,247
Data Exported: No
Revocation Date: Jan 11, 2026

## Access Timeline
- Nov 1, 2025: Access granted
- Nov 5, 2025: First login
- Jan 10, 2026: Last access
- Jan 11, 2026: Access revoked

## Certification
This report certifies that all auditor access has been
revoked and audit trails have been preserved in accordance
with [Compliance Framework].

6. Notifications

To Admin:

• Confirmation of revocation
• Link to compliance report
• Archive location reference

To Auditor:

• Access removal notice
• Final report availability (if applicable)
• Contact for questions

---

API Endpoints

Endpoint	Method	Purpose
/api/v1/auditors/{id}	GET	Get auditor details
/api/v1/auditors/{id}/revoke	POST	Revoke access
/api/v1/auditors/{id}/report	GET	Get compliance report
/api/v1/auditors/{id}/snapshot	GET	Get access snapshot

Request: Revoke Access

POST /api/v1/auditors/aud_123/revoke
{
  "effective_date": "2026-01-11",
  "reason": "audit_complete",
  "generate_report": true,
  "notify_auditor": true
}

Response

{
  "status": "revoked",
  "revoked_at": "2026-01-11T12:00:00Z",
  "report_url": "/api/v1/auditors/aud_123/report",
  "snapshot_id": "snap_abc123",
  "archive_reference": "ARC-2026-0111-001"
}

---

Compliance Frameworks

This workflow supports:

Framework	Requirement
SOC 2	Access control logging
HIPAA	Audit trail preservation
GDPR	Access documentation
ISO 27001	Security event logging

---

Error Handling

Error	Cause	Resolution
AUDIT_ACTIVE	Audit period not ended	Wait or force-revoke
PENDING_EXPORT	Data export in progress	Wait for completion
PERMISSION_DENIED	Insufficient admin rights	Escalate to super admin
REPORT_FAILED	Report generation error	Retry or manual generate

---

Audit Events

Event	Logged Data
auditor.revoke.initiated	Admin ID, Auditor ID, Timestamp
auditor.snapshot.created	Snapshot ID, Data summary
auditor.permissions.revoked	Permission list, Timestamp
auditor.sessions.invalidated	Session count, Timestamp
auditor.report.generated	Report ID, Location
auditor.revoke.completed	Final status, Duration

---

Related Workflows

• WF-050: Auditor Access Grant
• WF-114: Multi-OpUnit Access Assignment
• WF-115: Team Deletion/Archival

---

Last Updated: January 11, 2026