> For the complete documentation index, see [llms.txt](https://docs.p0.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.p0.dev/getting-started/getting-started-with-access-inventory.md). # Getting Started with Access Inventory [Access Inventory](/readme/access-inventory.md) gives you a single, queryable view of your entire IAM configuration. P0 combines data from your identity provider, your IAM policies, and your access logs into one access graph, then scores every privilege against P0's open-source [IAM Privilege Catalog](https://catalog.p0.dev). This guide walks you through your first session with Access Inventory: 1. [Connect a resource and run your first scan](#step-1-connect-a-resource-and-run-your-first-scan) 2. [Open the Inventory page and confirm your data](#step-2-open-the-inventory-page-and-confirm-your-data) 3. [Run your first query](#step-3-run-your-first-query) 4. [Investigate a result](#step-4-investigate-a-result) 5. [Save a search as a monitor](#step-5-save-a-search-as-a-monitor) {% hint style="info" %} Initial setup takes about 15 minutes. IAM assessment is currently available for AWS, Google Cloud, Kubernetes, Okta, and Google Workspace. {% endhint %} ## Who this guide is for This guide is for administrators and security engineers who are setting up P0 for the first time and want to explore their cloud access. You need an understanding of cloud IAM concepts (identities, roles, and policies) and administrative access to at least one cloud provider. ## Prerequisites Before you start, make sure you have: * A P0 account. Create a free account at [p0.app/create-account](https://p0.app/create-account). * Administrative access to a supported cloud provider (AWS, Google Cloud, Kubernetes, Okta, or Google Workspace). * Permission to create an environment in your P0 organization. ## Step 1: Connect a resource and run your first scan Access Inventory builds its graph from the resources you connect. To collect your first set of data, create an environment and run an inventory scan. 1. Sign in to [p0.app](https://p0.app). 2. Follow the steps in [Creating an Environment](/environments/creating-an-environment.md) to install P0 on a supported resource and start a scan. P0 reads your IAM configuration and displays a collection progress indicator while it works. A single environment and scan power both products: the same data also feeds [Posture](/readme/posture.md), which flags access risks such as overprivileged accounts and risky lateral-movement paths. To review and triage those findings, see [Getting started with Posture](/getting-started/getting-started-with-posture.md). {% hint style="info" %} A scan can take several minutes to complete, depending on the size of your environment. You can continue to the next step once collection finishes. {% endhint %} ## Step 2: Open the Inventory page and confirm your data After your scan completes, confirm that P0 collected your data. 1. In the P0 dashboard, select the **Inventory** page. 2. Review the asset table. An empty search matches everything in your IAM configuration, so you see every collected item listed by default. 3. Use the **Show** dropdown to switch between **credentials**, **entitlements**, **identities**, and **resources**. Each option displays a different slice of your access graph. If the table shows identities and resources from the provider you connected, your inventory is ready to query. If the table is empty, return to [Step 1](#step-1-connect-a-resource-and-run-your-first-scan) and confirm that your scan finished. ## Step 3: Run your first query A query has two controls: * **Show** — selects the kind of data to display (credentials, entitlements, identities, or resources). * **Where** — a free-form search box that filters results to the term you enter. Try a search to find access of interest: 1. Set **Show** to **identities**. 2. In the **Where** field, enter a term that appears in your data, such as a username, a resource name, or a permission. P0 returns the identities connected to that term. 3. To target a specific type of data, add a type prefix. For example, enter `risk:CRITICAL` to show only items that expose a critical IAM risk. You can also refine a query without typing. Hover over any item in the results, then select **show** or **hide** to add that item to your query. To learn the query language from scratch, see [Query Language Basics](/inventory/query-search/query-language-basics.md). For the full query syntax — including exact matches, attribute matches, and path expressions — see the [Search Reference](/inventory/query-search/search-reference.md). ## Step 4: Investigate a result Each result links to a detailed view that explains why it matches your query. 1. In the results table, select **view** on any item to open its details. For more on what each field means, see [Result Details](/inventory/result-details.md). 2. Review the **Risks** section to see the access risks reachable from the item and the privileges that expose them. 3. Switch to the graph visualization to see the access paths that connect identities, entitlements, and resources. Select any node to view its properties. The graph reveals lateral movement — the chains of access that let one identity reach a resource through federation, group membership, or cross-account roles. ## Step 5: Save a search as a monitor When a query surfaces a risk you want to track over time, save it as a custom monitor. P0 re-runs the query on every scan and reports the results in [Monitor Results](/posture/monitor-results.md). 1. Build a query that returns the results you want to track, and confirm the displayed results match your expectations. 2. Select **Save Search**. 3. Enable the **Create a monitor for this search?** toggle. 4. Enter a title, description, and severity for the monitor, then save. For more detail on building and managing inventory queries, see [Access Inventory](/inventory/access-inventory.md). ## What's next You now know how to connect data, query your inventory, investigate access, and save a monitor. From here, you can: * Connect P0 to [your directory](/integrations/directory-integrations.md) to enrich identity data. * [Analyze your security findings](/posture/monitor-results.md) from built-in and custom monitors. * Connect P0 to a [ticketing system](/integrations/tracker-integrations.md) to track remediation. * [Get started with Just-in-Time Access](/getting-started/getting-started-with-just-in-time-access.md) to grant time-limited access to the resources you discovered. If you run into any issues, contact . We're here to help. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.p0.dev/getting-started/getting-started-with-access-inventory.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.