Project | The project-level unit of organization in your application. This can be a GitHub organization, Slack organization, AWS account number, Azure directory, Google domain, Okta Site URL, etc. In the sample CSV, this is a GitHub organization “balkanid”. While optional, it is recommended that you provide a Project value. If not provided, the Project value is set to “default”. |
Entitlement BRN | The unique identifier for the entitlement. |
Privilege Name | The name of the action/permission/entitlement. These are typically actions that can be taken on a resource. In the sample CSV, these are “pull”, “push”, and “admin”, which are actions associated with a repository. |
Privilege Value | In many cases, these will be “true”. In some cases, it is useful to model an explicit deny by including entitlements where Privilege Value is “false”. In the sample CSV, we see both “true” and “false” privilege values. |
Email | The email associated with the identity to which this entitlement belongs, if available. In the sample CSV, this is “ayden@example.com”. |
Identity ID | Some applications have an ID that is separate from email or username. This is the place to include that ID. |
Username | The username associated with the identity to which this entitlement belongs. In the sample CSV, this is “koch71”. |
Name | The name of the identity to which this entitlement belongs, if available. This can be the name of a person, a service account, or other names. |
Connection | Connection describes how the identity (identified by the Username) gains the privilege (identified by Privilege Name and Privilege Value) to the resource (identified by Resource and Resource Type). In the sample CSV, the connection is the repository role granted to the identity: “read” and “admin”. |
Connection Type | Connection Type describes the type of the Connection. Typical connection types are “role”, “policy”, and “group”, but others are possible depending on your application's authorization structure. In the sample CSV, this is “repository-role”. |
Resource | The resource this entitlement references. In the sample CSV, the resource is the “ops” repository. |
Resource Type | A useful resource type that groups resources in your application. This can be a GitHub repository/organization/application, AWS service, a Slack channel, etc. In the sample CSV, the resource type is “repository”. |
Employee ID | ID of the employee, if mapped. |
Labels | Insights such as privileged, sod, outlier, over-entitled. |
Identity Type | Type of the identity, such as user, service account, group, etc. |
Connection Provider | The provider of the connection, such as admins, etc. |
Connection Provider Type | The type of the connection provider, such as group, etc. |
Metadata | Additional metadata about the entitlement. |
App | The application that the entitlement is for. |
Identity Type | The type of the identity. |
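
The following is an added example, not code from the product or its documentation: a small loader that applies the “default” Project rule and resolves explicit denies (Privilege Value “false”) into the effective privileges of each identity on each resource. The rows are constructed from the values the field descriptions mention; the set of required columns, the rule that a deny overrides a grant, and the function names are assumptions made for this illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows built from the values named in the field descriptions.
# The third row omits Project; the fourth is an explicit deny.
SAMPLE_CSV = """\
Project,Privilege Name,Privilege Value,Email,Username,Connection,Connection Type,Resource,Resource Type
balkanid,pull,true,ayden@example.com,koch71,read,repository-role,ops,repository
balkanid,push,true,ayden@example.com,koch71,admin,repository-role,ops,repository
,admin,true,ayden@example.com,koch71,admin,repository-role,ops,repository
balkanid,push,false,ayden@example.com,koch71,read,repository-role,ops,repository
"""

# Assumption: the minimum columns needed to reason about an entitlement.
REQUIRED = ("Privilege Name", "Privilege Value", "Username", "Resource", "Resource Type")


def load_entitlements(text):
    """Parse rows, default Project to "default", and collect unusable rows."""
    rows, errors = [], []
    for lineno, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        row = {k: (v or "").strip() for k, v in row.items()}
        missing = [c for c in REQUIRED if not row.get(c)]
        value = row.get("Privilege Value", "").lower()
        if missing or value not in ("true", "false"):
            errors.append((lineno, missing or ["Privilege Value"]))
            continue
        row["Project"] = row.get("Project") or "default"
        row["Privilege Value"] = value == "true"
        rows.append(row)
    return rows, errors


def effective_access(rows):
    """Map (project, username, resource type, resource) -> allowed privileges.

    Assumption: a "false" row denies the privilege even when another
    connection grants it.
    """
    allowed, denied = defaultdict(set), defaultdict(set)
    for r in rows:
        key = (r["Project"], r["Username"], r["Resource Type"], r["Resource"])
        (allowed if r["Privilege Value"] else denied)[key].add(r["Privilege Name"])
    return {k: sorted(allowed[k] - denied[k]) for k in set(allowed) | set(denied)}
```

Note that the row without a Project lands under “default”, so its “admin” privilege is evaluated separately from the “balkanid” rows; omitting Project can hide a grant from a per-project review.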