Pre-approving Access
Last updated
Last updated
Approvers can pre-approve access before the requestor creates an access request.
For instance, the approver may want to allow certain users to elevate their permissions automatically for the duration of a project, without having to wait for the approver to approve manually every time.
To allow access requests for the future, use the /p0 allow slash command in Slack.
The arguments for this command are similar to /p0 request (see ), with a few additional required options:
--to <email>
Use the email identifier of the principal to which you want to grant access
--length <duration>
Duration for auto-approved access. The requestor will be automatically approved between the start time of the allow command up to this duration. Format like '10 minutes', '2 hours', '5 days', or '1 week'.
--request-duration <duration>
Access duration for individual requests. Once the requestor submits an access request, it will be automatically approved for this duration. Format like the --length option.
Optionally you can specify the --start option, which is the start time for auto-approved access. Defaults to now if not specified. Use ISO 8601 format, like '2021-01-01T00:00:00Z' or 2021-01-01.
The principal issuing the allow command must be a valid approver for the principal in the --to argument, and for the resources specified, based on .