# Access Scopes

An **access scope** is a saved, self-updating group of resources created from a filtered **Inventory** view. After Apono’s hourly integration syncs, each access scope automatically incorporates newly discovered resources that match its defined criteria.

An access scope offers the following benefits:

* Creates reusable groupings for access flows
* Supports ongoing resource oversight and analysis

For example, you can create an access scope such as *Production Read Access* to identify all resources with read permissions in production. Then, you can build an [access flow](https://docs.apono.io/docs/access-flows/access-flows) with the *Production Read Access* scope. As new resources are added through your Apono integrations, they automatically become part of the saved scope, ensuring that future access requests include all applicable resources.

***

### Create an access scope

You can create an access scope whenever you want to save a filtered set of resources for reuse in access flows.

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-23207084366b04ac9ffc7757721adee24eb69b1a%2Facceess-scope-create-ai-description.png?alt=media" alt="" width="375"><figcaption><p>Create Access Scope pop-up window</p></figcaption></figure>

Follow these steps to create an access scope:

1. [Filter the list of resources](https://docs.apono.io/docs/inventory#filter-resources).
2. Click **Save Access Scope**. The **Access Scopes** page opens, and the **Create Access Scope** pop-up window appears.
3. Enter an **Access Scope Name**.
4. Enter a **Description** that summarizes the purpose of the access scope.

{% hint style="success" icon="lightbulb" %}
You can also have Apono generate a description to summarize the access scope:

1. Click **Generate**. Apono will populate the field with a new description.

2. (Optional) Review and manually edit the description.

3. (Optional) Provide feedback on the description. Click <img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-d868fa52ded73e3907fd4a933a7604a7ca609c7b%2Faccess-clarity-approve%20(1).png?alt=media" alt="" data-size="line"> (thumbs up icon) if the description was helpful. Click <img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-ca6382f453f0c527252bc69d4df55144f98992a5%2Faccess-clarity-disapprove%20(1).png?alt=media" alt="" data-size="line"> (thumbs down icon) and add a comment if the description was unhelpful.
   {% endhint %}

4. Click **Save Access Scope**. The access scope is saved and appears as the selected access scope on the **Access Scopes** page.

You can now [use the access scope](#use-an-access-scope) to build an access flow or periodically [view the list of resources](https://docs.apono.io/docs/inventory/manage-an-access-scope#view-an-existing-access-scope) that meet the access scope's criteria.

{% hint style="danger" %}
Ensure that the access scope criteria are **narrowly defined**. Access scopes automatically adjust as new resources matching your criteria are identified across integrations. Broad or overly permissive criteria may inadvertently grant unauthorized user access.
{% endhint %}

***

### Use an access scope

After creating an access scope, you can use the access scope in an access flow.

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-b3b30c17fe97b9ee3a53da52bbe15cda5d9bddd1%2Faccess-scope-use-in-access-flow.png?alt=media" alt=""><figcaption><p>DynamoDB Table access scope</p></figcaption></figure>

<table><thead><tr><th width="272">Option</th><th>Description</th></tr></thead><tbody><tr><td><strong>Use in a new access flow</strong></td><td><p>Follow these steps to apply the access scope to a new access flow:</p><ol><li><p>On the <a href="https://app.apono.io/access-scopes"><strong>Access Scopes</strong></a> page, under <strong>Access Scope</strong>, click the access scope name.<br><br><em><strong>NOTE</strong>: If your list of access scopes is long, you can filter the list in the following ways:</em></p><ul><li><em>Enter the name of the access scope in the search field to filter the list.</em></li><li><em>If</em> <a href="../user-administration/space-management"><em>Space Management</em></a> <em>is enabled, select a space from the space selector at the top of the page to show only the access scopes for that space.</em></li></ul></li><li>Click <strong>Use in Access Flow</strong>. The <strong>Use Access Scope in Access Flow</strong> panel appears.</li><li>Click <strong>Use in New Access Flow</strong>.</li><li>Create an <a href="../access-flows/access-flows">access flow</a>.</li></ol></td></tr><tr><td><strong>Use in an existing access flow</strong></td><td><p>Follow these steps to apply the access scope to an existing access flow:</p><ol><li><p>On the <a href="https://app.apono.io/access-scopes"><strong>Access Scopes</strong></a> page, under <strong>Access Scope</strong>, click the access scope name.<br><br><em><strong>NOTE</strong>: If your list of access scopes is long, you can filter the list in the following ways:</em></p><ul><li><em>Enter the name of the access scope in the search field to filter the list.</em></li><li><em>If</em> <a href="../user-administration/space-management"><em>Space Management</em></a> <em>is enabled, select a space from the space selector at the top of the page to show only the access scopes for that space.</em></li></ul></li><li>Click <strong>Use in Access Flow</strong>. The <strong>Use Access Scope in Access Flow</strong> panel appears.</li><li>Beside an existing access flow, click <strong>Use</strong>. The access scope is added as a set of resources within the access flow.</li></ol></td></tr></tbody></table>