Only the user who initially granted an audit privilege to another user can revoke that specific audit privilege. When a users privilege is revoked, all privileges granted by that user to other users are also revoked, unless an audit administrator is doing the revoking. In that case, the audit administrator can choose to revoke some user privileges and preserve others.

For example, consider that user A (who is not an audit administrator) has been granted the audit data reporter and the audit data archiver privileges, along with the ability to grant these same privileges to other users. User A grants the audit data reporter and the audit data archiver privileges to user B, who can also grant the privileges and does so to user C, who can do the same, and does, for user D.

If user As audit data reporter privilege is later revoked, the same will be true for users B, C, and D. However, if user As audit data archiver privilege is not revoked, users B, C, and D retain that privilege as well.

If user A had instead been an audit administrator, and that privilege was later revoked, all privileges of every type that user A had subsequently granted can (but not necessarily must) also be revoked in the same cascading fashion. When user A clicks Revoke, user A is prompted to confirm the action and then is able to choose which permissions to revoke for which user ID. User A can revoke user Bs audit data reporter privilege, for example, but allow user C to retain that same privilege.

For the specific steps involved in revoking privileges, see the following additional sources of information: