For Another Party
Last updated
Last updated
In addition to using P0 to request just-in-time access for yourself, you can use P0 to request access for another account.
For instance, if you use Terraform to deploy infrastructure, you may need to temporarily escalate the privileges of Terraform's service account during deploy.
To make a 2nd-party access request, use the /p0 grant slash command in Slack.
The arguments for this command are exactly the same as /p0 request (see ), with a couple changes:
You must add a --to <email> option to your request, using the email identifier of the principal to which you want to grant access
When requesting access to Google Cloud, use --principal-type group or --principal-type service-account to grant access to users groups or service accounts, respectively
The principal issuing the grant command does not have to be a valid approver. The principal in the --to argument has to be a valid requestor based on .
After you make your request, an approval message will be sent to your approvals channel. This approval message is exactly the same as for a first-party access request, except that the approval message indicates that you are making the request on behalf of the email you specified:
