Approaches presented herein enable credentials to be revoked or otherwise modified while limiting the impact of inadvertent or unintended changes in access. In some embodiments, the revocation of a credential can occur over a period of time with the level of access being diminished over that period, in order to prevent an inadvertent denial of access while indicating to the requestor that there is an issue with the credential. When a new policy is created for a new credential, a prior policy can be retained for at least a period of time such that users with inadvertently revoked access can obtain a level of access per the previous policy. Various embodiments trace the calls for a credential throughout the system in order to determine which services, processes, or components might be affected by the revocation, such that an appropriate remedial action can be taken.