# Revoking access to revisions in AWS Data Exchange
As a provider of data products in AWS Data Exchange, you can revoke subscriber access to a specific revision at any time. This action is typically done by providers for compliance reasons. Revoking a revision doesn't delete the underlying assets. After you have revoked the revision, all subscribers receive an Amazon EventBridge (formerly known as CloudWatch Events) notification that the revision has been revoked. Subscribers can then view the reason for the revoked revision on the AWS Data Exchange console. Subscribers can’t export or query the data within a revoked revision.
To be able to revoke revisions, providers who manage their own IAM policies must add `dataexchange:RevokeRevision` as a new action. Providers who use the [managed policies for AWS Data Exchange](security-iam-awsmanpol.md) don't need to make any changes.
After a revision is revoked, you can delete the assets of the revision by using the console or the AWS Data Exchange `DeleteAsset` API operation.
**Topics**
+ [Revoking access to an AWS Data Exchange asset revision (AWS CLI)](revoke-rev-sdk.md)
+ [Revoking access to a single AWS Data Exchange asset revision as a provider (console)](revoke-rev-single.md)
+ [Revoking multiple AWS Data Exchange asset revisions as a provider (console)](revoke-rev-multi.md)
+ [Editing an AWS Data Exchange asset revocation reason as a provider (console)](edit-revoked-rev.md)
+ [Viewing revoked revisions as a subscriber (console)](view-revoked-rev.md)
# Revoking access to an AWS Data Exchange asset revision (AWS CLI)
As a provider of AWS Data Exchange data products, you can use the AWS CLI to revoke subscriber access to a revision using the following instructions.
**To revoke a revision (AWS CLI)**
1. Use the `revoke-revision` command to revoke a revision.
```
$ AWS dataexchange revoke-revision \
--data-set-id $DATA_SET_ID \
--revision-id $REVISION_ID \
--comment 'Revoking Revision Example'
{
"Id": "ab7859881EXAMPLEdd3e8a4b88fc6a8d",
"Arn": "arn:aws:dataexchange:us-east-1:427362365172:data-sets/$DATA_SET_ID/revisions/$REVISION_ID",
"Comment": "Revoking Revision Example",
"CreatedAt": "2022-03-08T18:54:20.746Z",
"UpdatedAt": "2022-03-09T20:28:53.105Z",
"DataSetId": "24d30f8446a878237c35d011e7b22d0b",
"Finalized": true,
"Revoked": true,
"RevokedAt": "2022-03-09T20:28:53.105Z",
"RevocationComment": "revoking revision example"
}
```
1. After a revision is revoked, you can delete the assets of the revision using the AWS Data Exchange `DeleteAsset` API operation.
# Revoking access to a single AWS Data Exchange asset revision as a provider (console)
As a provider of AWS Data Exchange data products, you can use the AWS Data Exchange console to revoke subscriber access to a single revision using the following instructions.
**To revoke revision as a provider (console)**
1. Open your web browser and sign in to the [AWS Data Exchange console](https://console.aws.amazon.com/dataexchange).
1. In the left side navigation pane, for **Publish data**, choose **Owned data sets**.
1. In **Owned data sets**, choose the data set that has the revision you want to revoke.
1. On the **Revisions** tab, under **Revisions**, choose the revision.
1. On the revision page, under **Revision overview**, for **Actions**, choose **Revoke**.
1. In the **Revoke revision** dialog box, enter a short description of your reason for revoking the revision. Subscribers will see this description.
1. Choose **Revoke**.
The **Status** of the revision is set to **Revoked**.
**Warning**
This revokes the revision and all of its assets. Subscribers can view the reason for revocation but can’t access or export the assets. This action can't be undone.
1. After a revision is revoked, you can delete the assets of the revision by navigating to the revision page, selecting the assets you want to delete in the **Imported assets** table, and then choosing **Delete**.
To edit the reason for a revoked revision, see [Editing an AWS Data Exchange asset revocation reason as a provider (console)](edit-revoked-rev.md).
# Revoking multiple AWS Data Exchange asset revisions as a provider (console)
As a provider of AWS Data Exchange data products, you can use the AWS Data Exchange console to revoke subscriber access to multiple revisions using the following instructions.
**To revoke multiple revisions as a provider (console)**
1. Open your web browser and sign in to the [AWS Data Exchange console](https://console.aws.amazon.com/dataexchange).
1. In the left side navigation pane, for **Publish data**, choose **Owned data sets**.
1. In **Owned data sets**, choose the data set that has the revisions you want to revoke.
1. On the **Revisions** tab, choose up to 10 revisions.
1. Choose **Revoke**.
1. In the **Revoke \$1x\$1 revisions** dialog box, enter a short description of your reason for revoking the revisions. Subscribers will see this description. Then, choose **Revoke**.
The **Status** of the revisions are set to **Revoked**.
**Warning**
This revokes the revisions and all of the assets. Subscribers can view the reason for revocation but can’t access or export the assets. This action can't be undone.
1. After a revision is revoked, you can delete the assets of the revision by navigating to the revision page, selecting the assets you want to delete in the **Imported assets** table, and then choosing **Delete**.
To edit the reason for a revoked revision, see [Editing an AWS Data Exchange asset revocation reason as a provider (console)](edit-revoked-rev.md).
# Editing an AWS Data Exchange asset revocation reason as a provider (console)
As a provider of AWS Data Exchange data products, you can use the AWS Data Exchange console to edit the reason for the revocation using the following instructions.
**To edit a revocation revision as a provider (console)**
1. Open your web browser and sign in to the [AWS Data Exchange console](https://console.aws.amazon.com/dataexchange).
1. In the left side navigation pane, for **Publish data products**, choose **Owned data sets**.
1. In **Owned data sets**, choose the data set that has the revision you revoked.
1. On the **Revisions** tab, choose the revoked revision.
1. On the revision page, choose **Edit revocation reason**.
1. In the **Edit revocation revision** dialog box, enter a short description of your reason for revoking the revision.
1. Choose **Save**.
The **Status** of the revision is set to **Revoked**.
The updated revocation reason is displayed on the revision page.
# Viewing revoked revisions as a subscriber (console)
As a subscriber to AWS Data Exchange data products, you can use the AWS Data Exchange console to view the reason for revocation of access to a revision using the following instructions.
**To view a revoked revision as a subscriber (console)**
1. Open your web browser and sign in to the [AWS Data Exchange console](https://console.aws.amazon.com/dataexchange).
1. From the left navigation pane, under **My subscriptions**, choose **Entitled data**.
1. Under **Products**, choose a product, and then expand the data set under the product to see a list of revisions.
1. On the data set page, under the **Revisions** tab, view the **Status** of the revision (**Published** or **Revoked**).
1. Choose a revision.
1. View the revision reason on the top of the revision detail page.