Managing resources
What are resources?
Resource is a generic term used to describe an object inside of an application. Resources might be:
- Roles
- Groups
- PermissionSets
- Profiles
- Licenses
- S3 Buckets
… and so on. Resources will be specific to an application. ConductorOne’s data model afford significantly flexibility with modeling and managing resources and entitlements on those resources.
When application data is ingested into ConductorOne via connector, file, or other data feed, ConductorOne identifies and creates resources. These resources are the basis of permission management.
To navigate to the resources in an application:
- Navigate to the application
- Click the Resources tab
Creating resources
Resources are created automatically from connectors and application data imports. Connectors do the heavy lifting of identifying essential resources (roles, groups, etc) inside of the application and sync’ing those to ConductorOne.
In the case where resources need to be manually created in an application, this can be accomplished through the entitlement creation flow or via API.
Managing resources
Even if a resource is automatically ingested via connector, you may wish to manage certain metadata. Start by navigating to the resource:
- Navigate to the application
- Click the Resources tab
- Click on the resource
From the resource detail page, you can:
Rename the resource
- Click the resource name (this turns the name into a text box)
- Update the name and hit Enter or click outside of the field to save the name
Change resource owners
Resource owners can be the target of policy approval steps. For example, you may require a resource owner to approve an access request for sensitive data or roles. To edit the resource owner:
- Click Edit
- Update the Owner field
- Click Save
Change resource description
Resource description are provided to users during access reviews and can be used in ConductorOne Copilot functionality. To edit the description:
- Click Edit
- Update the description field
- Click Save
Viewing grants
Grants are when users are explicitly granted entitlements on a resource. To view the grants on a resource:
- Click the Grants tab
This list will show who has access to and/or has been assigned entitlements for this resource.
Deleting resources
To delete a resource:
- Click … in the top right corner
- Click Delete
- Confirm resource deletion
Resources sync’ed from a connector cannot be deleted. These resources represent the “truth” of the application that is connected. To delete these resources, they must be deleted in the connected app.
What is the “Credential” resource
Every managed application in ConductorOne comes with a single resource and entitlement: the Credential resource and the Access entitlement on that resource. The access entitlement can be used to reference any Accounts that are in the application. This allows ConductorOne to treat accounts and access like resources and entitlements.
For example:
- If you want to make new accounts requestable in ConductorOne, set the corresponding access controls on the Access entitlement.
- If you want to run an access review on anyone who has any account in an application, select the Credential for the application.