Access Scopes

Create and use access scopes

An access scope is a saved, self-updating group of resources created from a filtered Inventory view. After Apono’s hourly integration syncs, each access scope automatically incorporates newly discovered resources that match its defined criteria.

An access scope offers the following benefits:

  • Creates reusable groupings for access flows

  • Supports ongoing resource oversight and analysis

For example, you can create an access scope such as Production Read Access to identify all resources with read permissions in production. Then, you can build an access flow with the Production Read Access scope. As new resources are added through your Apono integrations, they automatically become part of the saved scope, ensuring that future access requests include all applicable resources.

Create an access scope

You can create an access scope whenever you want to save a filtered set of resources for reuse in access flows.

Save Access Scope pop-up window

Follow these steps to create an access scope:

  1. Filter the list of resources.

  2. Click Save Access Scope. The Access Scopes page opens, and the Save Access Scope pop-up window appears.

  3. Enter an Access Scope Name.

  4. Click Save Access Scope. The access scope is saved and appears as the selected access scope on the Access Scopes page.

You can now use the access scope to build an access flow or periodically view the list of resources that meet the access scope's criteria.

Ensure that the access scope criteria are narrowly defined. Access scopes automatically adjust as new resources matching your criteria are identified across integrations. Broad or overly permissive criteria may inadvertently grant unauthorized user access.

Use an access scope

After creating an access scope, you can use the access scope in an access flow.

DynamoDB Table access scope
Option
Description

Use in a new access flow

Follow these steps to apply the access scope to a new access flow:

  1. On the Access Scopes page, under Access Scope, click the access scope name. NOTE: If your list of access scopes is long, you can enter the name of the access scope in the search field to filter the list.

  1. Click Use in Access Flow. The Use Access Scope in Access Flow panel appears.

  2. Click Use in New Access Flow.

  3. Create an access flow.

Use in an existing access flow

Follow these steps to apply the access scope to an existing access flow:

  1. On the Access Scopes page, under Access Scope, click the access scope name. NOTE: If your list of access scopes is long, you can enter the name of the access scope in the search field to filter the list.

  2. Click Use in Access Flow. The Use Access Scope in Access Flow panel appears.

  3. Beside an existing access flow, click Use. The access scope is added as a set of resources within the access flow.

View an existing access scope

Inventory page with selected access scope

Follow these steps to select an access scope:

  1. On the Inventory page, click the Saved Access Scope dropdown menu.

  2. (Optional) Enter the name of the access scope in the search field.

  3. Select the access scope. The list of resources will be filtered by the criteria of the access scope.

Delete an access scope

Saved Access Scope dropdown menu

Follow these steps to delete an access scope:

  1. On the Inventory page, click the Saved Access Scope dropdown menu.

  2. Click (trash icon) next to the access scope to delete. A confirmation window appears.

An access scope can only be deleted if it is not associated with an access flow. If an access scope is linked to one or more access flows, a popup window will appear with links to the relevant access flows:

  1. Click each link to open the associated access flow.

  2. Remove the access scope from the access flow.

After you have removed the access scope from all access flows, return to the Inventory page to delete the access scope.

  1. Click Yes.

PreviousPrincipalsNextManage an access scope

Last updated

Was this helpful?