Bulk Revoke of Share Data Access
The Revoke Share Data Access process revokes data security that was granted using the Share Data Access task. It automates the removal of data access that was previously shared.
You can revoke access in bulk by either the expiration date or creation date. To revoke access by expiration date, use the Expiration Date field on the Share Data Access page to define the last day that the access is valid. Then, schedule the Revoke Share Data Access process to run daily. The process will remove all records where the expiration date is before the run date. For example, if you run the process on July 1, all records with an expiration date of June 30 or earlier will be revoked. If the expiration date is blank, the access won't be revoked.
The Expiration Date field has been added only to the Redwood version of the page and it’s not a required field. So, you may have records with a blank expiration date. If you have such records, you can revoke them based on the creation date instead. You need to specify the number of days after the creation date, which the process uses to calculate an expiration date.
For example, if you set the Number of Days to 15, the process will calculate the expiration date as 15 days after the record's creation date. A record created on June 15 would have a calculated expiration date of June 30. If you run the process on July 1, the record would be deleted because the calculated expiration date is earlier than the July 1 run date. All records created before June 15 would similarly be deleted. All records created on or after June 16 would remain, because their calculated expiration dates would be July 1 or later.
You can also choose to narrow the request to revoke the records only for a specific recipient. This feature is useful if the recipient has moved to another role and no longer needs access to any records that were previously shared.
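The selection rules on this page can be modelled offline to preview which shared records a run would delete before it is scheduled. This is useful because the page states that deletions are neither audited nor recoverable. This is an added example, not Oracle code: the record fields, run-type constants, function names and sample data are hypothetical and do not reflect the actual PER_SHARE_INFORMATION columns.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class ShareRecord:            # hypothetical fields, not the real table columns
    record_id: int
    recipient: str
    created: date
    expires: Optional[date]   # None models a blank Expiration Date

def effective_expiry(rec, run_type, number_of_days=None):
    """Date compared against the run date, or None if the record never qualifies."""
    if run_type == "EXPIRATION_DATE":          # hypothetical constant
        return rec.expires                     # blank stays blank: never revoked
    if run_type == "DAYS_AFTER_CREATION":      # hypothetical constant
        if number_of_days is None or number_of_days < 0:
            raise ValueError("Number of Days is required for this run type")
        # The stored expiration date is ignored in this mode.
        return rec.created + timedelta(days=number_of_days)
    raise ValueError(f"unknown run type: {run_type}")

def preview_revocation(records, run_date, run_type, number_of_days=None, recipient=None):
    """Return (to_revoke, overridden) lists of record ids.

    overridden = records deleted even though their stored expiration date
    has not passed, which only happens with the creation-date run type.
    """
    to_revoke, overridden = [], []
    for rec in records:
        if recipient is not None and rec.recipient != recipient:
            continue                           # optional Recipient filter
        expiry = effective_expiry(rec, run_type, number_of_days)
        if expiry is None or expiry >= run_date:
            continue                           # revoked only if strictly before run date
        to_revoke.append(rec.record_id)
        if rec.expires is not None and rec.expires >= run_date:
            overridden.append(rec.record_id)
    return to_revoke, overridden

# Constructed sample records (the year is arbitrary).
SAMPLE = [
    ShareRecord(1, "alice", date(2024, 6, 1), date(2024, 6, 30)),
    ShareRecord(2, "alice", date(2024, 6, 15), None),
    ShareRecord(3, "bob", date(2024, 6, 16), None),
    ShareRecord(4, "bob", date(2024, 6, 10), date(2024, 12, 31)),
    ShareRecord(5, "bob", date(2024, 6, 20), date(2024, 7, 1)),
]
RUN_DATE = date(2024, 7, 1)
```

Reviewing the `overridden` list before a creation-date run shows which shares would lose access earlier than the expiration date entered for them.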
Steps to Perform Bulk Revoke of Share Data Access
You must run the Revoke Share Data Access process for the data access to be revoked. You can schedule it to run on a regular basis, or run it ad-hoc.
- Navigate to Scheduled Processes.
- Click the Schedule New Process button.
- Search for and select the Revoke Share Data Access process.
- Choose a Run Type.
  - If you choose Expiration date, the process revokes all records with the expiration date before the system date.
  - If you choose Days after creation date, the expiration date is ignored. The process calculates an expiration date based on the number of days after the creation date.
- If Run Type is Days after creation date, specify the Number of Days.
- Optionally select a Recipient.
  When a recipient is specified, the process revokes only those records that were shared with that recipient.
- Click Submit to submit the process.
Key Points About Bulk Revoke of Share Data Access
Here are some key points about Share Data Access.
- The Share Data Access task adds rows to PER_SHARE_INFORMATION, and the Revoke Share Data Access process deletes them.
- No audit is done on the table.
- Once the data is deleted, it can't be recovered. But you can use the Share Data Access task to manually add it again.
- The data in the table is used by the person security profile. If configured, your person security profile includes the rows in the table when determining data security for your tasks.
- When Run Type is Days after creation date, the Expiration Date on the record is ignored. If the data meets the criteria to be deleted based on creation date, it will be deleted even if the expiration date is in the future.
- Schedule the Revoke Share Data Access process so that it runs regularly. If you don't run the process, the access won't expire even if the expiration date has passed.
- These functional privileges support bulk revoke of share data access:
  - Run Revoke Share Data Access Process (PER_RUN_REVOKE_SHARE_DATA_ACCESS_PROCESS)
  - Run Global HR Processes (PER_RUN_HR_PROCESSES_PRIV)
    Note: This privilege also gives access to other Global HR processes.