This could either be through the administrator interface or the 'view whitelist' button (T175573).
Description
Description
Related Objects
Related Objects
Event Timeline
Comment Actions
At the moment this is basically implemented because admins can just delete the relevant authorization object. We should perhaps have an improved workflow for this, but this seems sufficient for the time being.