Config Access
Config Access tracks who has access to configuration items and their access history. This enables compliance auditing, security monitoring, and periodic access reviews.
Entity Model
User
Users represent individuals or service accounts from your identity providers or external systems.
| Field | Description | Scheme |
|---|---|---|
account_id* | Account identifier from the source system |
|
name* | Display name of the user |
|
scraper_id* | ID of the scraper that created this user | uuid |
aliases | Alternative identifiers for alias resolution (e.g. |
|
email | User's email address |
|
id | Unique identifier (auto-generated) | uuid |
user_type | Type of user: |
|
Group
Groups represent teams, departments, or security groups from your identity systems.
| Field | Description | Scheme |
|---|---|---|
account_id* | Group identifier from the source system |
|
name* | Group name |
|
scraper_id* | ID of the scraper that created this group | uuid |
aliases | Alternative identifiers for alias resolution |
|
group_type | Type of group: |
|
id | Unique identifier (auto-generated) | uuid |
Role
Roles define permission sets that can be assigned to users or groups.
| Field | Description | Scheme |
|---|---|---|
account_id* | Role identifier from the source system |
|
name* | Role name |
|
aliases | Alternative identifiers for alias resolution |
|
application_id | ID of the Application this role belongs to | uuid |
description | Human-readable description of the role's purpose |
|
id | Unique identifier (auto-generated) | uuid |
role_type | Type of role: |
|
scraper_id | ID of the scraper that created this role | uuid |
User Group
Links users to their group memberships.
| Field | Description | Scheme |
|---|---|---|
external_group_id* | ID of the external group the user belongs to (resolved from | uuid |
external_user_id* | ID of the external user (resolved from | uuid |
Config Access
Records which users, groups, and roles have access to specific configuration items. At least one of external_user_id, external_group_id, or external_role_id must be set.
| Field | Description | Scheme |
|---|---|---|
config_id* | ID of the config item being accessed | uuid |
id* | Unique identifier for this access record |
|
application_id | ID of the Application this access record belongs to | uuid |
external_group_id | ID of the external group with access | uuid |
external_role_id | ID of the external role granting access | uuid |
external_user_id | ID of the external user with access | uuid |
last_reviewed_at | Timestamp of the last access review | timestamp |
last_reviewed_by | User who performed the last access review | uuid |
scraper_id | ID of the scraper that created this record | uuid |
source | Source identifier for this access record |
|
Config Access Log
Records individual access events for audit purposes.
| Field | Description | Scheme |
|---|---|---|
config_id* | ID of the config item that was accessed | uuid |
external_user_id* | ID of the external user who accessed the resource | uuid |
scraper_id* | ID of the scraper that captured this access log | uuid |
count | Number of aggregated access events (default: 1) |
|
created_at | Timestamp when the access occurred | timestamp |
mfa | Whether multi-factor authentication was used |
|
properties | Additional access metadata (IP address, session info, client, etc.) |
|