# Key Concepts ## Grant Kits Grant Kits are what you configure in code to control and automatically right-size permissions for resources. A Grant Kit has 3 components: 1. [Workflow](https://docs.abbey.io/reference/grant-kits/grant-workflows) to configure *how* someone should get access. 2. [Policies](https://docs.abbey.io/reference/grant-kits/policies) to configure *if* someone should get access. 3. [Output](https://docs.abbey.io/reference/grant-kits/outputs) to configure how and where Grants should materialize. ## Access Requests & Approvals Access Requests are automated processes for someone to be granted access to a [Resource](#resources). An Access Request typically involves: 1. A policy check, typically against a list of security and compliance policies. 2. A list of steps, with each step having a list of reviewers required to approve or deny the request. 3. A Terraform-native code change, backed by your Version Control System and Pull Requests. ## Access Grants Grants are the result of an approved access request without any policy violations. ## Resources Resources are what people access. A Resource can be coarse- or fine-grained to any granularity. Some examples are: 1. Role-Based Access Control (RBAC) such as Okta Groups, Google Groups, AWS IAM Profiles, or GitHub Teams. 2. Direct Access to a database cluster, a database, a table, a Trino query, or a streaming or batch job. 3. Direct Access to an an API cluster, instance, or a bastion. 4. Access to a Tailscale VPN. 5. Federated Access to any of the above through RBAC. ## Linking Identities Resources can require identity information from an external application. For example, if you're controlling a resource through Github, you may need data associated with Github, say your Github Username, to control access to resources. Abbey lets you link application data from commonly-used applications such as Github so you can use them in creating Grant Kits. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.abbey.io/how-abbey-works/concepts.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.