Viewing Cloud Access Details
If the entitlement is related to cloud access, you may be able to view information about the cloud entitlements, resources, privileges, and access paths to cloud infrastructure an identity has.
Viewing cloud entitlements
When certifying access profiles, you can select the access profile name to view its entitlements. Select the entitlement name to view more details. If the entitlement is cloud enabled, you may be able to select View Details to display more granular information about the cloud attributes.
When certifying entitlements, you can select View Details in the Cloud Enabled column to view cloud access information.
If your organization is using SailPoint CIEM, you can also view the identity's access to cloud resources and privileges on those resources. This includes activity data on whether they used the entitlement, what access level they used (read/write/admin), and timestamps of previous activity and actions.
You can search for and select an entitlement in the Entitlement field to view all accessible cloud resources across the user's cloud entitlements. You can also select All to view the total access the user has in the cloud environment.
Last Accessed and Last Activity data refer to the last time the resource was accessed by the user and whether that activity was a read, write, or admin action.
Last access dates and activity are only displayed for AWS resources that write to CloudTrail.
Viewing access paths
From the Cloud Details page, you can select View Access in the Access Paths column to view the access paths from scoping objects like groups, policies, and projects granting the user access to the selected resource.
The Entitlement Path tab displays the access path from the entitlement under review, or you can select All Paths to display all access paths across the identity's entitlements to the resource.
If a user can access a resource through paths other than the entitlement, they may still be able to access that resource even if you revoke the entitlement.
If a user has multiple of the same type of access at the same scope, such as multiple role assignments that lead to the same management group, you can select the node to display the access leading to the resource. Use the Collapse icon to collapse all nodes.