Access Scopes

Create and use access scopes

An access scope is a saved, self-updating group of resources created from a filtered Inventory view. After Apono’s hourly integration syncs, each access scope automatically incorporates newly discovered resources that match its defined criteria.

An access scope offers the following benefits:

  • Creates reusable groupings for access flows

  • Supports ongoing resource oversight and analysis

For example, you can create an access scope such as Production Read Access to identify all resources with read permissions in production. Then, you can build an access flow with the Production Read Access scope. As new resources are added through your Apono integrations, they automatically become part of the saved scope, ensuring that future access requests include all applicable resources.

Create an access scope

You can create an access scope whenever you want to save a filtered set of resources for reuse in access flows.

Save Access Scope pop-up window

Follow these steps to create an access scope:

  1. Filter the list of resources.

  2. Click Save Access Scope. The Access Scopes page opens, and the Save Access Scope pop-up window appears.

  3. Enter an Access Scope Name.

  4. Click Save Access Scope. The access scope is saved and appears as the selected access scope on the Access Scopes page.

You can now use the access scope to build an access flow or periodically view the list of resources that meet the access scope's criteria.

Ensure that the access scope criteria are narrowly defined. Access scopes automatically adjust as new resources matching your criteria are identified across integrations. Broad or overly permissive criteria may inadvertently grant unauthorized user access.

Use an access scope

After creating an access scope, you can use the access scope in an access flow.

DynamoDB Table access scope
Option
Description

Use in a new access flow

Follow these steps to apply the access scope to a new access flow:

  1. On the Access Scopes page, under Access Scope, click the access scope name. NOTE: If your list of access scopes is long, you can filter the list in the following ways:

    • Enter the name of the access scope in the search field to filter the list.

    • If Space Management is enabled, select a space from the space selector at the top of the page to show only the access scopes for that space.

  2. Click Use in Access Flow. The Use Access Scope in Access Flow panel appears.

  3. Click Use in New Access Flow.

  4. Create an access flow.

Use in an existing access flow

Follow these steps to apply the access scope to an existing access flow:

  1. On the Access Scopes page, under Access Scope, click the access scope name. NOTE: If your list of access scopes is long, you can filter the list in the following ways:

    • Enter the name of the access scope in the search field to filter the list.

    • If Space Management is enabled, select a space from the space selector at the top of the page to show only the access scopes for that space.

  2. Click Use in Access Flow. The Use Access Scope in Access Flow panel appears.

  3. Beside an existing access flow, click Use. The access scope is added as a set of resources within the access flow.

PreviousPrincipalsNextManage an access scope

Last updated

Was this helpful?