# Grant Kits

A Grant Kit allows you to automatically control and right-size permissions to sensitive resources. Grant Kits allow you to define [grant-workflows](https://docs.abbey.io/reference/grant-kits/grant-workflows "mention") (how someone should get access), [policies](https://docs.abbey.io/reference/grant-kits/policies "mention") (if they should get access), and an [outputs](https://docs.abbey.io/reference/grant-kits/outputs "mention")  template (how and where you want the automated permission grants to materialize) for a specific Target resource.

## Grant Kit Spec

```hcl
resource "abbey_grant_kit" "this" {
    workflow = { ... } # _how_ an identity should get access.
    policies = { ... } # _if_ an identity should get access.
    output = { ... }   # _how_ and _where_ permission grants should be materialized.
}
```