Comment on page
Key Concepts
Grant Kits are what you configure in code to control and automatically right-size permissions for resources. A Grant Kit has 3 components:
Access Requests are automated processes for someone to be granted access to a Resource. An Access Request typically involves:
- 1.A policy check, typically against a list of security and compliance policies.
- 2.A list of steps, with each step having a list of reviewers required to approve or deny the request.
- 3.A Terraform-native code change, backed by your Version Control System and Pull Requests.
Grants are the result of an approved access request without any policy violations.
Resources are what people access. A Resource can be coarse- or fine-grained to any granularity.
Some examples are:
- 1.Role-Based Access Control (RBAC) such as Okta Groups, Google Groups, AWS IAM Profiles, or GitHub Teams.
- 2.Direct Access to a database cluster, a database, a table, a Trino query, or a streaming or batch job.
- 3.Direct Access to an an API cluster, instance, or a bastion.
- 4.Access to a Tailscale VPN.
- 5.Federated Access to any of the above through RBAC.
Last modified 3mo ago