diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt
--- a/src/core/CMakeLists.txt
+++ b/src/core/CMakeLists.txt
@@ -152,6 +152,10 @@
 KF5::DBusAddons # KDEInitInterface
 )
+if (UNIX)
+ target_link_libraries(KF5KIOCore PRIVATE KF5::Auth) #SlaveBase uses KAuth::Action
+endif()
+
 if(ACL_FOUND)
 target_link_libraries(KF5KIOCore PRIVATE ${ACL_LIBS})
 endif()
diff --git a/src/core/slavebase.h b/src/core/slavebase.h
--- a/src/core/slavebase.h
+++ b/src/core/slavebase.h
@@ -943,6 +943,16 @@
 */
 PrivilegeOperationStatus requestPrivilegeOperation();
+ /**
+ * Adds @p action to the list of PolicyKit actions for which
+ * slave's authorizations should be revoked before sending the
+ * slave to klauncher.
+ *
+ * @param action the PolicyKit action
+ * @since 5.44
+ */
+ void addTemporaryAuthorizationToRevoke(const QString &action);
+
 protected:
 /**
 * Name of the protocol supported by this slave
diff --git a/src/core/slavebase.cpp b/src/core/slavebase.cpp
--- a/src/core/slavebase.cpp
+++ b/src/core/slavebase.cpp
@@ -43,6 +43,10 @@
 #include
 #include
+#ifdef Q_OS_UNIX
+#include
+#endif
+
 #include "kremoteencoding.h"
 #include "kioglobal_p.h"
@@ -122,6 +126,7 @@
 KPasswdServerClient *m_passwdServerClient;
 bool m_rootEntryListed = false;
+ QSet m_TempAuthToRevoke;
 QString m_warningCaption;
 QString m_warningMessage;
 bool m_confirmationAsked;
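Review bot: The doc comment added in slavebase.h for `addTemporaryAuthorizationToRevoke()` does not tell a slave author what happens when revocation fails. Going by the slavebase.cpp hunks, an action that is still authorized stays in the set and `connectToSlavePool()` then skips `connectSlave()`, so the slave is not handed back for reuse. I would add `* If an authorization cannot be revoked, the slave is not returned to the pool.` and reword the opening to say the authorizations are the ones held by this slave for @p action. The enclosing class starts and ends outside the hunk.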
@@ -139,6 +144,33 @@
 return OperationAllowed;
 }
+ bool hasTemporaryAuthorizations()
+ {
+ return m_TempAuthToRevoke.size() > 0;
+ }
+
+ void revokeTemporaryAuthorizations()
+ {
+#ifdef Q_OS_UNIX
+ foreach (const QString action, m_TempAuthToRevoke) {
+ KAuth::Action kauthAction(action);
+ if (kauthAction.isValid()) {
+ kauthAction.revokeAuthorization();
+ if (kauthAction.status() != KAuth::Action::AuthorizedStatus) {
+ m_TempAuthToRevoke.remove(action);
+ }
+ }
+ }
+#endif
+ }
+
+ void connectToSlavePool()
+ {
+ if (!hasTemporaryAuthorizations()) {
+ q->connectSlave(poolSocket);
+ }
+ }
+
 // Reconstructs configGroup from configData and mIncomingMetaData
 void rebuildConfig()
 {
@@ -330,7 +362,8 @@
 disconnectSlave();
 d->isConnectedToApp = false;
 closeConnection();
- connectSlave(d->poolSocket);
+ d->revokeTemporaryAuthorizations();
+ d->connectToSlavePool();
 } else {
 break;
 }
@@ -1130,7 +1163,8 @@
 disconnectSlave();
 d->isConnectedToApp = false;
 // Do not close connection!
- connectSlave(d->poolSocket);
+ d->revokeTemporaryAuthorizations();
+ d->connectToSlavePool();
 } break;
 case CMD_REPARSECONFIGURATION: {
 d->m_state = d->InsideMethod;
@@ -1497,3 +1531,8 @@
 return KIO::PrivilegeOperationStatus(d->m_privilegeOperationStatus);
 }
+
+void SlaveBase::addTemporaryAuthorizationToRevoke(const QString &action)
+{
+ d->m_TempAuthToRevoke.insert(action);
+}
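Review bot: In `revokeTemporaryAuthorizations()` (hunk at -139) an entry leaves the set only after a successful revoke, so two cases keep it non-empty for good: an action for which `isValid()` is false, and any build without `Q_OS_UNIX`, where the loop is compiled out while `addTemporaryAuthorizationToRevoke()` (hunk at -1497) still inserts. In both cases `connectToSlavePool()` silently skips `connectSlave()`. Refusing to pool a slave that still holds an authorization is the right default, but these two cases have nothing that can be revoked; I would drop them from the set and log when the reconnect is refused, on the assumption (to be confirmed against KAuth) that an invalid action can never carry an authorization. `const QString action` also copies every string; a const reference is safe here because `foreach` iterates over a copy of the container. The enclosing private class starts and ends outside the hunk.

```cpp
    void revokeTemporaryAuthorizations()
    {
#ifdef Q_OS_UNIX
        foreach (const QString &action, m_TempAuthToRevoke) {
            KAuth::Action kauthAction(action);
            if (!kauthAction.isValid()) {
                // Nothing to revoke for an invalid action; keeping it would
                // block the return to the pool forever.
                m_TempAuthToRevoke.remove(action);
                continue;
            }
            // … unchanged: revokeAuthorization() and the status() check …
        }
#else
        // No KAuth on this platform, so no authorization can be held.
        m_TempAuthToRevoke.clear();
#endif
    }

    void connectToSlavePool()
    {
        if (hasTemporaryAuthorizations()) {
            qWarning() << "Not returning slave to the pool:" << m_TempAuthToRevoke.size()
                       << "temporary authorization(s) could not be revoked";
            return;
        }
        q->connectSlave(poolSocket);
    }
```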
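Review bot: Both call sites (hunks at -330 and -1130) repeat the pair `d->revokeTemporaryAuthorizations();` `d->connectToSlavePool();`, so the rule that a slave never rejoins the pool with a live authorization depends on every caller remembering the first call. I would call `revokeTemporaryAuthorizations()` at the top of `connectToSlavePool()` and leave a single `d->connectToSlavePool();` at each site. In the -1130 hunk the comment says the connection is deliberately kept open, so when the reconnect is skipped the slave stays detached from both the application and the pool; what the surrounding code does next lies outside the hunk and is worth checking. Any other `connectSlave(d->poolSocket)` call in the file, not visible here, would bypass the check entirely.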