Project | Optional - This is a “project”-level of organization in your application. This can be a Github organization, Slack organization, AWS account number, Azure directory, Google domain, Okta Site URL, etc. In the sample CSV, this is a Github organization “balkanid”. While optional, it is recommended that you provide Project value. If not provided, the Project value is set to “default”. |
Privilege Name | Required - The name of the action/permission/entitlement. These are typically actions that can be taken on a resource. In the sample CSV, these are “pull”, “push”, and “admin”, which are actions associated with a repository. |
Privilege Value | Required - In many cases, these will be “true”. In some cases, it is useful to model an explicit deny by including entitlements where Privilege Value is “false”. In the sample CSV, we see both “true” and “false” privilege values. |
Email | One of Email, User ID, or Username required - The email associated with the identity to which this entitlement belongs to, if available. In the sample CSV, this is “ayden@example.com”. |
User ID | One of Email, User ID, or Username required - Some applications have an ID that is separate from email or username. This is the place to include that ID. |
Username | One of Email, User ID, or Username required - The username associated with the identity to which this entitlement belongs to. In the sample CSV, this is “koch71”. |
Name | Optional - The name of the identity to which this entitlement belongs to, if available. This can be the name of a person, a service account, or other names. |
Connection | Optional, required if Connection Type is present - Connection describes how the identity (identified by the Username) gains the privilege (identified by Privilege Name and Privilege Value) to the resource (identified by Resource and Resource Type). In the sample CSV, the connection is the repository role granted to the identity: “read” and “admin”. |
Connection Type | Optional, required if Connection is present - Connection Type describes the type of the Connection. Typical connection types are “role”, “policy”, “group”, but can include others depending on your application authorization structure. In the sample CSV, this is “repository-role”. |
Connection Provider | Optional - The provider of the Connection, used to represent a multilevel connection. If this is present, Connection and Connection Type must also be present. |
Connection Provider Type | Optional - The type of the Connection Provider, If this is present, Connection Provider, Connection and Connection Type must not be empty. |
Resource | Optional, required if Resource Type is present - The resource this entitlement references. In the sample CSV, the resource is the “ops” repository. |
Resource Type | Optional, required if Resource is present - A useful resource type that groups resources in your application. This can be a Github repository/organization/application, AWS service, a Slack channel, etc. In the sample CSV, the resource type is “repository”. |
Project Aliases | Optional - This is a comma-separated list of aliases for the Project. This is useful when you have multiple names for the same Project. |