Atom

Resource Access

Which entities can access one protected resource.

Resource access starts with one protected object and asks:

Who can use this object?

Useful results should include:

  • subject entity or principal group;
  • allowed actions;
  • source role or direct policy;
  • source permission block;
  • tenant boundary;
  • conditions that must match.

Example

telemetry channel
  meter-001 can publish
  service reporter can read
  principal group Field Devices can publish

This view is useful before changing or deleting a channel, report, rule, or tenant object.
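The lookup described above, as an added example that is not the product's own code or schema: it inverts role bindings and direct policies into a per-resource view carrying each field listed under "Useful results". The `Block` shape, the `ROLES`, `BINDINGS` and `DIRECT` tables, the tenant names, block ids and the `tls=true` condition are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Block:  # one permission block (hypothetical shape, assumed for this example)
    block_id: str
    resource: str
    actions: tuple
    conditions: tuple = ()

# Constructed sample data: subjects follow the page's example, the schema is assumed.
ROLES = {
    "device-publisher": [Block("pb-1", "telemetry-channel", ("publish",))],
    "reporting": [Block("pb-2", "telemetry-channel", ("read",), ("tls=true",)),
                  Block("pb-3", "monthly-report", ("read", "export"))],
}
# (subject, role, tenant): a role bound to a subject inside one tenant
BINDINGS = [
    ("group:Field Devices", "device-publisher", "tenant-a"),
    ("service:reporter", "reporting", "tenant-a"),
    ("service:reporter", "reporting", "tenant-b"),
]
# (subject, tenant, block): a policy attached directly to a subject
DIRECT = [("device:meter-001", "tenant-a",
           Block("pb-9", "telemetry-channel", ("publish",)))]

def resource_access(resource, tenant):
    """Return every grant on `resource` inside `tenant`, with its provenance."""
    rows = []
    for subject, role, t in BINDINGS:
        if t != tenant:
            continue  # tenant boundary: a binding in another tenant grants nothing here
        for b in ROLES.get(role, []):
            if b.resource == resource:
                rows.append({"subject": subject, "actions": b.actions,
                             "source": f"role:{role}", "block": b.block_id,
                             "tenant": t, "conditions": b.conditions})
    for subject, t, b in DIRECT:
        if t == tenant and b.resource == resource:
            rows.append({"subject": subject, "actions": b.actions,
                         "source": "direct-policy", "block": b.block_id,
                         "tenant": t, "conditions": b.conditions})
    return sorted(rows, key=lambda r: r["subject"])

if __name__ == "__main__":
    for row in resource_access("telemetry-channel", "tenant-a"):
        print(row)
```

Each row names the role or direct policy and the permission block behind the grant, so before deleting a channel you can see which bindings would be left pointing at nothing.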
