πŸ‘‰For Another Party

In addition to using P0 to request just-in-time access for yourself, you can use P0 to request access for another account.

For instance, if you use Terraform to deploy infrastructure, you may need to temporarily escalate the privileges of Terraform's service account during deploy.

πŸ™ Creating a 2nd-party request

To make a 2nd-party access request, use the /p0 grant slash command in Slack.

The arguments for this command are exactly the same as /p0 request (see Using Slack slash commands), with a couple changes:

  • You must add a --to <email> option to your request, using the email identifier of the account to which you want to grant access

  • When requesting access to Google Cloud, use --principal-type group or --principal-type service-account to grant access to users groups or service accounts, respectively

πŸ’¬ Discussing your request

After you make your request, an approval message will be sent to your approvals channel. This approval message is exactly the same as for a first-party access request, except that the approval message indicates that you are making the request on behalf of the email you specified:

Last updated