> For the complete documentation index, see [llms.txt](https://docs.p0.dev/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.p0.dev/p0-cli/p0-commands-and-usage/p0-request.md). # p0 request ### Overview * Manually request just-in-time access to resources across AWS, Entra ID, GCP, Okta, SSH, and Google Workspace. * Create a time-boxed access request instead of granting standing permissions. * Send the request for approval and, once approved, automatically provision permissions for your specified duration. * Apply your organization’s guardrails, including auto-revocation at expiry. * Generate a complete audit trail showing who requested what, when, and why. * Attach a reason for audit logging and approval context. * Optionally block (`--wait`) until provisioning completes, then execute the underlying command (e.g., `aws`, `gcloud`, `ssh`). * Integrate with Slack (or your configured notification channel) for approval workflows and notifications. * Enforce your organization’s TTL policy and auto-revoke rights at expiry. ### Prerequisites * **Logged-in user** * **Network access**: allow HTTPS to `https://api.p0.app/o//command/`. ### Syntax ``` p0 request [resource-args…] [--reason ] [-w | --wait] ``` * `` * `aws` * `azure-ad` (Entra ID Legacy) * `entra-id` * `gcloud` * `okta` * `ssh` * `workspace` * `` & resource-args * Provider-specific; run `p0 request --help` for details. * `--reason ` * Justification for audit and approver context. * `-w, --wait` * Block until access is provisioned and then execute the underlying tooling command. ### Global Flags * `--help` * Show help for any command. * `--reason ` * Provide a justification string. * `-w, --wait` * Wait for provisioning before returning. ### Supported Providers * **AWS** * `p0 request aws role ` * `p0 request aws resource ` * **Entra ID (Legacy)** (`azure-ad`) * `p0 request azure-ad membership ` * **Entra ID** (`entra-id`) * `p0 request entra-id membership ` * `p0 request entra-id assignment ` * **GCP** * `p0 request gcloud role ` * `p0 request gcloud resource ` * `p0 request gcloud permission ` ([GitHub](https://raw.githubusercontent.com/p0-security/p0cli/main/README.md)) * **Okta** * `p0 request okta group ` * **SSH** * `p0 request ssh destination ` * **Workspace** * `p0 request workspace drive ` * `p0 request workspace group ` ### Examples 1. **AWS IAM Role** ```bash p0 request aws role MyReadOnlyRole \ --account 123456789012 \ --reason "Investigating S3 access issues" \ --wait ``` Outcome: Requests the `MyReadOnlyRole` role in account `123456789012`; blocks until provisioned, then you can run AWS commands under that role. 2. **GCP Viewer Role** ```bash p0 request gcloud role roles/viewer \ --project my-gcp-project \ --reason "Ad-hoc data audit" \ --wait ``` Outcome: Creates a GCP IAM request for the \`roles/view --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.p0.dev/p0-cli/p0-commands-and-usage/p0-request.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.