# Access Scopes

An **access scope** is a saved, self-updating group of resources created from a filtered **Inventory** view. After Apono’s hourly integration syncs, each access scope automatically incorporates newly discovered resources that match its defined criteria.

An access scope offers the following benefits:

* Creates reusable groupings for access flows
* Supports ongoing resource oversight and analysis

For example, you can create an access scope such as *Production Read Access* to identify all resources with read permissions in production. Then, you can build an [access flow](/docs/access-flows/access-flows.md) with the *Production Read Access* scope. As new resources are added through your Apono integrations, they automatically become part of the saved scope, ensuring that future access requests include all applicable resources.

***

### Create an access scope

You can create an access scope whenever you want to save a filtered set of resources for reuse in access flows.

<figure><img src="/files/yYGI8WgUKy62H4krR1Wb" alt="" width="375"><figcaption><p>Create Access Scope pop-up window</p></figcaption></figure>

Follow these steps to create an access scope:

1. [Filter the list of resources](/docs/inventory/inventory.md#filter-resources).
2. Click **Save Access Scope**. The **Access Scopes** page opens, and the **Create Access Scope** pop-up window appears.
3. Enter an **Access Scope Name**.
4. Enter a **Description** that summarizes the purpose of the access scope.

{% hint style="success" icon="lightbulb" %}
You can also have Apono generate a description to summarize the access scope:

1. Click **Generate**. Apono will populate the field with a new description.

2. (Optional) Review and manually edit the description.

3. (Optional) Provide feedback on the description. Click <img src="/files/TptuLFVtcaHDY5pcWt41" alt="" data-size="line"> (thumbs up icon) if the description was helpful. Click <img src="/files/q0NSG6afsIGcZpdySmwK" alt="" data-size="line"> (thumbs down icon) and add a comment if the description was unhelpful.
   {% endhint %}

4. Click **Save Access Scope**. The access scope is saved and appears as the selected access scope on the **Access Scopes** page.

You can now [use the access scope](#use-an-access-scope) to build an access flow or periodically [view the list of resources](/docs/inventory/access-scopes/manage-an-access-scope.md#view-an-existing-access-scope) that meet the access scope's criteria.

{% hint style="danger" %}
Ensure that the access scope criteria are **narrowly defined**. Access scopes automatically adjust as new resources matching your criteria are identified across integrations. Broad or overly permissive criteria may inadvertently grant unauthorized user access.
{% endhint %}

***

### Use an access scope

After creating an access scope, you can use the access scope in an access flow.

<figure><img src="/files/uVJyevWDsTu98PieWllA" alt=""><figcaption><p>DynamoDB Table access scope</p></figcaption></figure>

<table><thead><tr><th width="272">Option</th><th>Description</th></tr></thead><tbody><tr><td><strong>Use in a new access flow</strong></td><td><p>Follow these steps to apply the access scope to a new access flow:</p><ol><li><p>On the <a href="https://app.apono.io/access-scopes"><strong>Access Scopes</strong></a> page, under <strong>Access Scope</strong>, click the access scope name.<br><br><em><strong>NOTE</strong>: If your list of access scopes is long, you can filter the list in the following ways:</em></p><ul><li><em>Enter the name of the access scope in the search field to filter the list.</em></li><li><em>If</em> <a href="/pages/kNJMnvty0313OIOCG5Mk"><em>Space Management</em></a> <em>is enabled, select a space from the space selector at the top of the page to show only the access scopes for that space.</em></li></ul></li><li>Click <strong>Use in Access Flow</strong>. The <strong>Use Access Scope in Access Flow</strong> panel appears.</li><li>Click <strong>Use in New Access Flow</strong>.</li><li>Create an <a href="/pages/mIVm6DxVw9MwkE8UFHX7">access flow</a>.</li></ol></td></tr><tr><td><strong>Use in an existing access flow</strong></td><td><p>Follow these steps to apply the access scope to an existing access flow:</p><ol><li><p>On the <a href="https://app.apono.io/access-scopes"><strong>Access Scopes</strong></a> page, under <strong>Access Scope</strong>, click the access scope name.<br><br><em><strong>NOTE</strong>: If your list of access scopes is long, you can filter the list in the following ways:</em></p><ul><li><em>Enter the name of the access scope in the search field to filter the list.</em></li><li><em>If</em> <a href="/pages/kNJMnvty0313OIOCG5Mk"><em>Space Management</em></a> <em>is enabled, select a space from the space selector at the top of the page to show only the access scopes for that space.</em></li></ul></li><li>Click <strong>Use in Access Flow</strong>. The <strong>Use Access Scope in Access Flow</strong> panel appears.</li><li>Beside an existing access flow, click <strong>Use</strong>. The access scope is added as a set of resources within the access flow.</li></ol></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.apono.io/docs/inventory/access-scopes.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.