Skip to content

Viewing Cloud Access Details

If the entitlement is related to cloud access, you may be able to view information about the cloud entitlements, resources, privileges, and access paths to cloud infrastructure an identity has.

Viewing cloud entitlements

When certifying access profiles, you can select the access profile name to view its entitlements. Select the entitlement name to view more details. If the entitlement is cloud enabled, you may be able to select View Details to display more granular information about the cloud attributes.

Details about the access profile are displayed with the All Dev Admin entitlement selected. The Cloud Enabled section includes a link to view cloud details.

When certifying entitlements, you can select View Details in the Cloud Enabled column to view cloud access information.

Certification screen with the Cloud Enabled column highlighted. It contains the View Details link.

If your organization is using SailPoint CIEM, you can also view the identity's access to cloud resources and privileges on those resources. This includes activity data on whether they used the entitlement, what access level they used (read/write/admin), and timestamps of previous activity and actions.

You can search for and select an entitlement in the Entitlement field to view all accessible cloud resources across the user's cloud entitlements. You can also select All to view the total access the user has in the cloud environment.


  • Last Accessed and Last Activity data refer to the last time the resource was accessed by the user and whether that activity was a read, write, or admin action.

  • Last access dates and activity are only displayed for AWS resources that write to CloudTrail.

Viewing access paths

From the Cloud Details page, you can select View Access in the Access Paths column to view the access paths from scoping objects like groups, policies, and projects granting the user access to the selected resource.

The Entitlement Path tab displays the access path from the entitlement under review, or you can select All Paths to display all access paths across the identity's entitlements to the resource.

Multiple access paths, such as groups, role assignments, and subscriptions, connect the user to the resource.


If a user can access a resource through paths other than the entitlement, they may still be able to access that resource even if you revoke the entitlement.

If a user has multiple of the same type of access at the same scope, such as multiple role assignments that lead to the same management group, you can select the node to display the access leading to the resource. Use the Collapse icon to collapse all nodes.

Documentation Feedback