P0 App Documentation
Sign up for FreeSandbox
  • What Is P0?
    • πŸŽ›οΈIAM Dashboard
    • πŸ”ŽAccess Inventory
    • πŸͺ‘IAM Posture
    • ⏱️Just-In-Time Access
    • ♻️Service-Account Key Rotation
  • Getting Started
    • ⬇️Quick Start
    • 🎁Share P0 With Your Team
  • INVENTORY
    • πŸ—ΊοΈAccess Inventory
    • πŸ”¬Result Details
    • ❔Query Search
      • πŸ“–Search Reference
  • Posture
    • βš–οΈPosture Overview
  • Monitor Results
  • πŸ€”Finding Details
  • ORCHESTRATION
    • ⏰Just-in-time access
      • πŸ–οΈRequesting Access
        • πŸ‘‰For Another Party
      • 🏁Approving Access
        • Pre-approving Access
      • πŸ”€Request Routing
        • Google Cloud Filtering
        • AWS Filtering
  • Environments
    • ☁️Creating an Environment
    • πŸ““Environment Terminology
    • βš™οΈSettings
  • Integrations
    • πŸ“žNotifier integrations
      • πŸ’¬Slack
      • πŸ‘¬Microsoft Teams
      • πŸ“£Custom Notifier
    • πŸ”‘Resource integrations
      • ☁️Google Cloud
        • Requesting Access
        • Permissions Reference
          • Cloud Storage
          • Compute Engine
      • πŸ“¦AWS
        • Requesting Access
      • ☸️Kubernetes
        • Requesting Access
        • Advanced Requests
      • πŸ”‹PostgreSQL
        • Requesting Access
      • ❄️Snowflake
      • πŸ–₯️SSH
      • GitHub
        • Requesting Access
      • πŸ› οΈCustom Resource
    • πŸ‘₯Directory integrations
      • Microsoft Entra ID
        • Requesting Access
      • Google Workspace
      • Integrate P0 with Okta
    • βœ”οΈApproval integrations
      • πŸ””PagerDuty
    • πŸ”ŒSIEM Integrations
      • Splunk HEC Setup
  • P0 Management
    • 🎩Role-Based Access Control
Powered by GitBook
On this page
  1. ORCHESTRATION
  2. Just-in-time access
  3. Approving Access

Pre-approving Access

PreviousApproving AccessNextRequest Routing

Last updated 2 months ago

Approvers can pre-approve access before the requestor creates an access request.

For instance, the approver may want to allow certain users to elevate their permissions automatically for the duration of a project, without having to wait for the approver to approve manually every time.

πŸ•’ Allowing access ahead of time

To allow access requests for the future, use the /p0 allow slash command in Slack.

The arguments for this command are similar to /p0 request (see ), with a few additional required options:

  • --to <email> Use the email identifier of the principal to which you want to grant access

  • --length <duration> Duration for auto-approved access. The requestor will be automatically approved between the start time of the allow command up to this duration. Format like '10 minutes', '2 hours', '5 days', or '1 week'.

  • --request-duration <duration> Access duration for individual requests. Once the requestor submits an access request, it will be automatically approved for this duration. Format like the --length option.

Optionally you can specify the --start option, which is the start time for auto-approved access. Defaults to now if not specified. Use ISO 8601 format, like '2021-01-01T00:00:00Z' or 2021-01-01.

The principal issuing the allow command must be a valid approver for the principal in the --to argument, and for the resources specified, based on .

⏰
🏁
routing rules
Using Slack slash commands