Yes. One click in the workspace revokes an assistant's access to everything they've ever touched.
What gets revoked
- All Vault items shared with them (they can no longer decrypt anything)
- File access
- Workspace messages
- Integration permissions (CRM, ad accounts, etc. via connected apps)
- Calendar access
Immediate and audited
Revocation is immediate — active sessions are killed, tokens invalidated, and a full audit entry is recorded with timestamp, IP and revoking user.
When to use it
- End of engagement (automated if you close the relationship through billing)
- Security incident on their side (lost laptop, account compromise)
- Any concern at any time — don't hesitate
Re-granting access after an investigation is a separate, intentional action.