πŸ—ΊοΈAccess Inventory

Browse and query your entire IAM configuration. Combine data from identity providers, IAM policies, access logs, and P0's IAM Privilege Catalog.

The inventory page lets you browse and query your entire IAM configuration, combining data from your identity provider, IAM policies, your access logs, and P0's IAM Privilege Catalog.

Access inventory graph visualization showing identities, entitlements, and resources connected by lateral movement paths

Search interface

When you land on the Inventory page, you'll be presented with a search interface. At the top of this view is a query control and, below it, all items that match your query. By default, results are returned in an asset table. Everything in your IAM configuration matches an empty search, so you'll see everything listed at first.

Asset list

To search for something specific, type any text included in that IAM datum into the "where" bar:

Inventory search results table showing entitlements for bucket resources with columns for Principal, Privilege set, Resource, and Risks

For detailed information on how to query your data, see Query Search. You can also have P0 help you construct queries by hovering over items:

Inventory item hover menu showing options to show or hide identities of this type for query refinement

Clicking "show" or "hide" will update your query to show or hide the selected items.

You can display credentials, entitlements, identities, or resources by selecting these in the "show" selection:

Inventory Show dropdown menu with Credentials, Entitlements, Identities, and Resources options for filtering results

For each item, you can see detailed information by selecting "view," which will take you to the relevant Result Details page.

Graph visualization

Results can also be viewed as a graph visualization. You will see all items that can reach your search terms, as well as the access paths that connect them.

Access inventory graph visualization showing identities connected to GCP role bindings, Cloud Storage service, and a storage bucket

You can get more information on any node in your access graph by clicking on it, which will open a view of all that graph node's properties.

Graph node detail panel showing GCP Role Binding properties including principal, role, parent project, and cross-resource access status

Creating custom monitors

You create custom monitors from the Inventory page. Results from these monitors will appear in Monitor Results on every scan of your environment. To create a custom monitor:

  • Select a "show" option and enter a "where" query

  • After ensuring that the displayed results match your expectations, click Save Search

  • Enable the "Create a monitor for this search?" toggle, then follow the prompts to add a title, description, and severity for your monitor

Create New Monitor dialog with query, label, description, and priority fields for a custom BigQuery grants monitor
