Skip to content

Viewing Cloud Access Details

If the entitlement is related to cloud access, you may be able to select View Details in the Cloud Enabled column when certifying by identity.

Depending on your organization's SailPoint cloud management solution, this will display cloud resources the entitlement grants access to or all cloud access the user has.

Viewing all cloud access

Organizations using CIEM can view a user's activity from supported cloud service providers, including the user's privileges and if they took action on a resource.


  • Last Accessed and Last Activity data refer to the last time the resource was accessed by the user and whether that activity was a read, write, or admin action.

  • Last access dates and activity are only displayed for AWS resources which write to CloudTrail.

You can also view the access paths between the user and resources.

Viewing access paths

Select View Access in the Access Paths column to view the access paths between scoped objects like groups, policies, and projects granting the user access to the selected resource.

The Entitlement Path tab displays the access the entitlement is granting that user.

You can select All Paths to display all of the cloud access the user with the entitlement has. If a user can access a resource through paths other than the entitlement, they may still be able to access that resource even if you revoke the entitlement.

Multiple access paths, such as groups, role assignments, and subscriptions, connect the user to the resource.

If a user has multiple of the same type of access at the same scope, such as multiple role assignments that lead to the same management group, you can select the node to display the access leading to the resource. Use the collapse icon to collapse all nodes.