Glossary | Entitle
Industry terminology
- Zero Standing Privileges (ZSP): Identity security principle that eliminates persistent privileged access for users and systems, instead provisioning elevated access when necessary through Just-In-Time (JIT) methods. Entitle implements ZSP by enabling temporary access grants, significantly reducing risk exposure from dormant but privileged accounts.
- Least Privilege: Security principle stating that a system should restrict the access privileges of users (or processes acting on behalf of users) to the minimum necessary to accomplish their assigned tasks.
- Cloud Infrastructure Entitlement Management (CIEM): Category of security tools focused on managing and enforcing access permissions across cloud environments. Entitle delivers automated just-in-time (JIT) privileged access management (PAM) with real-time insights and analytics. It provides visibility into access rights, enforces Least Privilege policies, and automates permission request workflows—collecting, analyzing, reviewing, approving, and prioritizing remediation of privileged access across its customers' entire identity environment.
- Visibility: Ability to gain real-time insights into user access and entitlements across systems and applications. In Entitle, this visibility helps identify potential risks and ensure compliance with access policies.
- Control access: Process of managing and enforcing access policies to ensure users can only access resources they are authorized for, and only when necessary. Entitle strengthens security by automating access provisioning through just-in-time access controls and providing comprehensive visibility into user activities, reducing risk and ensuring compliance.
Glossary terms
- User: Manifestation of identity in Entitle. An entity that can hold entitlements, be granted them, or have them revoked.
- Account: Digital identity used by applications or services to access and interact with resources (not necessarily resources reflected in Entitle). It's a unique identifier within the service that allows automated processes and applications to perform actions such as querying for information, storing data, or running virtual machines. Can be used by a human user or a non-human identity (NHI).
- Application: SaaS infrastructure or an application that Entitle can integrate with, e.g., AWS, Salesforce
- Integration: Specific instance of, or integration with, an "Application". An integration includes the configuration needed to connect Entitle, including credentials, as well as all the users' permissions information
- Resource: Entity within an "Integration" to which a user can gain access via an "Entitlement", e.g., DB table, group of users
- Role: Level of access a "User" is entitled to on a "Resource", e.g., Read, Admin
- Permission, or Entitlement: Right a user has to access a "Resource" of an "Integration" via a specific "Role"
- Bundle: Set of permissions that can be assigned or revoked together by Entitle
- Tag: Metadata element applied to an Entitle entity, such as a resource, that helps you identify and classify the entity based on settings relevant to your organization. It is a single value element even if originally fetched from a key-value pair. Entitle can retrieve tags from integrations and actively modify its internally managed tags
GitHub example

In this GitHub example, the glossary terms are represented as follows:
- Application - GitHub (Git repository management service)
- Integration - The integration here would be the connection to the "ACME" organization in GitHub
- Resource - There are two resources: Repository A and Repository B
- Role - There are two roles: Admin and Maintainer
- Entitlement - An example of Entitlement would be Repository A Admin, or Repository B Maintainer
User Access Review terms
- User Access Review (UAR): Review of authorizations and permissions across the organization. A standard for securing logical access rights and an integral part of any organization's Identity and Access Management (IAM) strategy
- (Access) Review: Implementation of a user access review process for a specific part of the organization, defined in a template. Conducted periodically
- (Review) Template: Definition of a review: a combination of reviewed applications and specific groups of users to be reviewed. Templates can be reused; each instance is a review
- Reporter: Access review reviewer. One of the application or organizational unit managers, who reviews users' permissions as part of a review