Access Clarity

As access governance policies grow in complexity, it becomes increasingly difficult to understand why access is allowed or denied. For example, a junior staff member can request access to a highly sensitive PII resource, while a senior engineer cannot request access to a production resource. When outcomes like these occur, determining the root cause can be challenging. Investigating them often requires reviewing group memberships, evaluating access flow precedence, and examining approval policies.

Access Clarity helps admins understand how access decisions are determined. You can ask questions in plain language to investigate eligibility, policy behavior, and request outcomes.

For example:

  • Why can Alice request access to this database?

  • Why does this request require approval?

  • Which access flow applies to this resource?

In response, Access Clarity analyzes your governance configuration in real time and explains how eligibility, precedence, and approval logic lead to the final outcome.

Access Clarity helps you do the following:

  • Explain access eligibility by seeing who can request a resource and which access flow grants that eligibility

  • Understand access flow precedence when multiple policies match a request

  • Predict request outcomes, including whether approval is required and what permissions will be granted

  • Validate least-privilege policies by identifying overly broad eligibility or conflicting access flows

Access Clarity explains eligibility and grant logic based on governance configuration.

Access Clarity does not:

  • Show who currently has active access

  • Detect access granted outside Apono

  • Analyze historical policy states

  • Modify or create policies

  • Interpret filtered results, selected rows, or highlighted UI content


Get help from Access Clarity

Access Clarity conversations

Follow these steps to begin an Access Clarity conversation:

  1. From any Apono page, in the top-right corner, click (Access Clarity icon). The Access Clarity panel opens.

  2. Ask an access eligibility or policy behavior question. The assistant will reply.

  3. (Optional) Provide feedback on Access Clarity responses:

    • Click (thumbs up icon) if the explanation was helpful.

    • Click (thumbs down icon) and add a comment if the explanation was unhelpful.

After starting a conversation, you can navigate between pages while the assistant remains open. You can also close and reopen the assistant from any page.


Conversation Guidance

Use the following guidance to get the most accurate, relevant, and detailed responses from Access Clarity.

Recommendation: Be specific.
Details: Include resource names, user names, and environments in your questions.

Recommendation: Ask follow-up questions.
Details: Narrow down results with questions such as:

  • Which users qualify?

  • Which condition caused this to match?

  • Does this require approval?


Topic Areas

Access Clarity helps you investigate access eligibility, request outcomes, and governance configuration in Apono. The following sections give examples of how Access Clarity can help within each topic area.

Access eligibility

Analyze which users, groups, and policies allow access requests for a resource.

Access Clarity can help you:

  • Identify who is eligible to request access to a resource

  • Show which users, groups, or teams match an access flow

  • Identify which access flow applies to a request

  • Show matched and unmatched conditions

  • Trace group membership and nested inheritance

  • Diagnose missing or unexpected eligibility

  • Explain why an access flow is not applying

Access Clarity explains who can request access and how eligibility is determined. It does not show who currently has active access.

Eligibility can depend on dynamic conditions such as time-based rules, on-call schedules, or attribute-based filters.

Request outcomes

Explain how access flows and approval policies determine the result of a request.

Access Clarity can help you:

  • Explain what will happen if a user submits a request

  • Clarify whether approval is required

  • Show which approval policy will apply

  • Identify whether access will be auto-granted

  • Clarify what permissions would be granted upon approval or auto-grant

  • Explain why a specific access flow was selected when multiple flows match (precedence)

  • Analyze request outcomes based on governance configuration

Governance risks

Identify policy conflicts, shadowed flows, or overly broad access conditions.

Access Clarity can help you:

  • Identify overly broad eligibility

  • Detect no-approval flows in sensitive environments

  • Identify shadowed or overridden access flows

  • Detect conflicting or overlapping configurations
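The eligibility, precedence, and governance-risk checks listed in the topic areas above can be illustrated with a small evaluator. This is an added example, not Apono code: the Flow fields, the rule that the lower priority number wins, and all sample users, groups, and flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:  # hypothetical model, not Apono's schema
    name: str
    priority: int        # assumption: lower number wins when several flows match
    grantees: frozenset  # group or user names; "*" means everyone
    resource: str
    environment: str
    approval_required: bool

# Constructed sample data: nested membership (member -> parent groups) and flows.
PARENTS = {"alice": {"oncall-db"}, "oncall-db": {"engineering"}, "bob": {"interns"}}
FLOWS = [
    Flow("prod-db-broad", 10, frozenset({"*"}), "orders-db", "production", False),
    Flow("prod-db-oncall", 20, frozenset({"oncall-db"}), "orders-db", "production", True),
    Flow("dev-db-eng", 10, frozenset({"engineering"}), "orders-db", "dev", False),
]
SENSITIVE = {"production"}

def groups_of(principal):
    """Resolve nested group inheritance; the seen set guards against cycles."""
    seen, stack = set(), [principal]
    while stack:
        for parent in PARENTS.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen

def explain(user, resource, env):
    """Return eligibility, the winning flow, its approval need, and shadowed flows."""
    mine = groups_of(user) | {user, "*"}
    hits = sorted((f for f in FLOWS if (f.resource, f.environment) == (resource, env)
                   and f.grantees & mine), key=lambda f: f.priority)
    if not hits:
        return {"eligible": False, "flow": None, "approval": None, "shadowed": []}
    return {"eligible": True, "flow": hits[0].name, "approval": hits[0].approval_required,
            "shadowed": [f.name for f in hits[1:]]}

def risks():
    """Flag no-approval flows in sensitive environments and wildcard eligibility."""
    out = []
    for f in FLOWS:
        if f.environment in SENSITIVE and not f.approval_required:
            out.append((f.name, "no approval in sensitive environment"))
        if "*" in f.grantees:
            out.append((f.name, "eligibility open to everyone"))
    return out
```

In this constructed configuration the wildcard flow wins on priority, so the stricter on-call flow is shadowed and production access is granted without approval.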


View conversation history

You can view your conversation history with Access Clarity.

Conversation history is session-based and is not included in compliance audit logs.

Follow these steps to view your conversation history:

  1. From any Apono page, in the top-right corner, click (Access Clarity icon). The Access Clarity panel opens.

  2. Click (chat history icon). The Select Conversation dropdown menu appears, displaying a list of previous conversations.

  3. (Optional) In the Search... text field, enter the partial or full name of the conversation to filter the list of conversations.

  4. Select the conversation. The dropdown menu disappears and the selected conversation is displayed.

  5. (Optional) Resume the conversation.

When resuming a conversation, Access Clarity only uses context from the active conversation and does not consider information from other conversations.


Delete a conversation

Follow these steps to delete a conversation:

  1. From any Apono page, in the top-right corner, click (Access Clarity icon). The Access Clarity panel opens.

  2. Click (chat history icon). The Select Conversation dropdown menu appears, displaying a list of previous conversations.

  3. (Optional) In the Search... text field, enter the partial or full name of the conversation to filter the list of conversations.

  4. Click (trash can icon) next to the conversation to delete. A confirmation pop-up window appears.

  5. Click Yes.
