Access Explorer

Access Explorer visually represents relationships between cloud identities, assets, and access policies. It helps users understand access paths, identify which identities have access to specific assets, and determine when access or membership was granted. This topic outlines how to apply filters, interpret visual cues, and interact with the graphical representation of access relationships in a cloud environment.

Overview

The Access Explorer provides a visual representation of the relationships between cloud identities, assets, and access policies to help users understand the following:

  • How a cloud identity gains access to an asset

  • Which cloud identities have access to an asset

  • When access or membership was granted

Each entity in the explorer is represented by a visual object containing an icon that identifies the cloud entity type (Asset, Identity, Account, or Group) or an application logo, along with its name and type.

Using Access Explorer Filters

Access Explorer displays membership or access policies based on the source and filter you select.

Begin by selecting a source entity to explore, which can be an identity, account, group, or asset. The initial explorer view varies depending on the entity type:

  • Identity – Displays the identity and all related accounts

  • Account – Displays the first level of direct access or membership

  • Group – Displays the direct members (either accounts or group) on the left and the group’s direct access or membership on the right

  • Asset – Displays first-level accounts/groups with access on the left, and selected assets on the right

Once you select an entity, you can apply target and access filters that work like those used in access policies or membership inventories.

Using the Access Explorer from the Inventory

You can open Access Explorer for any entity directly from the inventory interface by selecting “investigate” from the side-panel actions or from the three-dots menu when hovering over a table row.

You can also open Access Explorer from the entity side-panel when viewing access or membership inventories.

Access Explorer Behavior and Interactions

Access Explorer interaction methods facilitate detailed exploration and understanding of access relationships within the cloud environment .

  • To expand an entity’s access path, click the two arrows button at the end of the entity block; clicking again collapses the path.

  • To expand grouped sections, click the arrow near the group, which refocuses the graph on that area.

  • To zoom, use mouse scroll or plus (+) and minus (-) buttons.

  • To open a side panel with details similar to the inventory view, click an entity or path.

  • To highlight the backward access path, hover over an entity.

Additional interface buttons include:

  • Filter icon to open or collapse filters.

  • Square icon to toggle full screen.

  • Show legend dropdown to explain icons used in the view.