Glossary
Industry terminology
- Zero Standing Privileges (ZSP): An identity security principle that eliminates persistent privileged access for users and systems, instead provisioning elevated access when necessary through Just-In-Time (JIT) methods. Entitle implements ZSP by enabling temporary access grants, significantly reducing risk exposure from dormant but privileged accounts.
- Least Privilege: A security principle stating that a system should restrict the access privileges of users (or processes acting on behalf of users) to the minimum necessary to accomplish their assigned tasks.
- Cloud Infrastructure Entitlement Management (CIEM): A category of security tools focused on managing and enforcing access permissions across cloud environments. In Entitle, CIEM capabilities provide visibility into who has access to what, enforce least privilege policies, and automate JIT (Just-In-Time) access controls to reduce risk and privilege sprawl.
- Visibility: The ability to gain real-time insights into user access and entitlements across systems and applications. In Entitle, this visibility helps identify potential risks and ensure compliance with access policies.
- Control access: The process of managing and enforcing access policies to ensure users can only access resources they are authorized for, and only when necessary. Entitle strengthens security by automating access provisioning through just-in-time access controls and providing comprehensive visibility into user activities, reducing risk and ensuring compliance.
Glossary terms
- User: An entity that can receive, hold, and be stripped of entitlements
- Application: A SaaS infrastructure or an application that Entitle can integrate with, e.g., AWS, Salesforce
- Integration: A specific instance of, or connection to, an "Application". An integration includes the configuration needed to connect Entitle, including credentials, as well as all of the users' permissions information
- Resource: An entity within an "Integration" to which a user can gain access via an "Entitlement", e.g., DB table, group of users
- Role: A level of access that a "User" is entitled to on a "Resource", e.g., Read, Admin
- Permission, or Entitlement: The right a user has to access a "Resource" of an "Integration" via a specific "Role"
- Bundle: A set of permissions that can be assigned or revoked together by Entitle
- Tag: A metadata element applied to an Entitle entity, such as a resource, that helps you identify and classify the entity based on settings relevant to your organization. It is a single value element even if originally fetched from a key-value pair. Entitle can retrieve tags from integrations and actively modify its internally managed tags.
GitHub example

In the GitHub example, the glossary terms are represented as follows:
- Application - GitHub (Git repository management service)
- Integration - The integration here would be the connection to the "ACME" organization in GitHub
- Resource - There are two resources: Repository A and Repository B
- Role - There are two roles: Admin and Maintainer
- Entitlement - An example of Entitlement would be Repository A Admin, or Repository B Maintainer
User Access Review terms
- User Access Review (UAR): A review of authorizations and permissions across the organization. It is a standard for securing logical access rights and an integral part of any organization's Identity and Access Management (IAM) strategy
- (Access) Review: An implementation of a user access review process for a specific part of the organization, defined in a template. Reviews are conducted periodically
- (Review) Template: The definition of a review: a combination of reviewed applications and specific groups of users to be reviewed. Templates can be reused; each instance is a review
- Reporter: The reviewer in an access review. One of the application or organizational unit managers, who reviews users' permissions as part of a review