Documentation

Permissions

Suggest Edits

Overview

The Permissions screen in Entitle is where customers can map out users’ behaviors using the Permissions Graph. It provides a single unified view of users based on permissions granted to different application integrations.

The Permissions graph allows Entitle’s customers to make sure their users have just enough access to different integrations and therefore allows them to identify overprivileged or unknown identities, unwanted permission chains, or toxic combinations of permissions.

If you would like to manage your organization’s permissions, please refer to Entitle's User Access Review Guide.

How to use the Permissions graph

Log in to Pathfinder and get to know the Permissions screen

  1. Log in to Pathfinder and click the Entitle tile.

  2. From the top left of the page, click Menu button > Permissions.

    The Permissions screen displays

Here, you will encounter four main sections:


  1. Filters menu

    • Users - The entities that can receive, hold, and be stripped of permissions.
    • Integration - A specific instance or integration with an application. It includes the configuration needed to connect Entitle, including credentials and all the users’ permissions information.
    • Resource Type - varies depending on the integration chosen.
    • Resource - An entity within an Integration to which a user can gain access via permission, e.g. group of users.
    • Role - A level of access to which a User is entitled to a resource, e.g., Read, Admin.

  2. Graph key

    You can see the total number of Users, Accounts, Integrations, Resources, and Roles found according to the selected filters above.

    • Direct Access (purple) - The user has direct permission to the resource.
    • Indirect Access (green) - The selected roles are granted to the employees based on a different role granted to the employee.
    • Both (orange) - The user has direct and indirect permission to the resource.

  3. Permissions graph functionalities

    • From left to right: Return to Center, Zoom Out, Zoom In.
  1. Risk and sensitivity indicators (Insights) - only in Entitle on Pathfinder.

Choose a preferred view to set up your Permissions graph

There are two possible views through which you can see your Permissions Graph:

  1. Users (you can choose multiple users at once) - if chosen, it is not obligatory to fill in the rest of the filters, only in case you would like your Permissions graph to be more specific.
  2. Integration (you can only choose one at a time) - If chosen, it is obligatory to fill in the rest of the filters.

Fill in the rest of the filters

  1. If you chose the Integration View option from the previous step or wish to create a more detailed Graph using the Users View, proceed to fill in the Resource Type, Resource, and Role filters.
  2. If you would like to reverse any of the choices you have made in your Permissions graph, you can always click the arrow on the right side of the filter menus.
  3. The final Permissions graph displays.

Risk and sensitivity indicators

💡

Important

  1. Risk and sensitivity indications will be visible in Entitle only if accessed through Pathfinder, with a user who has admin privileges in both Entitle and Insights.
  2. See the Identity Security Insights integration guide to set up risk and sensitivity indications in Entitle.

View risk/sensitivity indicators in the Permissions graph

  1. When the abovementioned prerequisites are fulfilled, Insights will load in the permissions graph before the admin selects any filters. This way, they can immediately see the status of the employees in the company, such as who has multiple high-risk permissions:

  2. Once filters are selected, the graph will display the users according to the selected filters.

    💡

    Note

    If only one of the risk/sensitivity filters is selected without any filters from the filters menu (Users/Integration/Resource type/Resource/Role), a maximum of 250 users can be presented in the permissions graph. The following tooltip will display:

Filter risk and sensitivity indicators

Admins can filter users based on risk and/or sensitivity levels. To apply the filters:

  1. Select Users/resources/roles whose permissions you want to display using the appropriate filter.
  2. You will see a numerical indicator presenting a cumulative schema for the risk and sensitivity levels of all the users existing in the graph.
  3. Use the right-hand side Risk and Sensitivity filters to adjust the graph according to the information you wish to display.

View detection details in Insights

  1. Hovering over the risk or sensitivity icon will summarize the risk/sensitivity details. In the example below, the cumulative risk level is 1.

  2. Clicking on a detection will redirect you to Insights, where you can view more detailed information about the specific detection.

Updated 8 days ago