Access Flows

Sym's Access Flows let you grant temporary access to sensitive resources in no time.

Sym's Access Flows allow users to request temporary and auto-expiring access to sensitive resources. The requests are routed through fully-customizable escalation pathways via Sym's Python SDK, with the majority of the request-approve cycle taking place in Sym's Slack app.

As requests move through the Sym system, all events are logged for audit purposes. These audits are made available via the Reporting Framework, which can then be connected downstream to any number of customer-owned destinations.


Configuration Anatomy

Access Flows all extend a base template, and are constructed of three key elements:

| Resource | What it defines |
|---|---|
| sym_flow | Name of the Flow; Path to SDK implementation; Flow Params, including the strategy used by the Flow and the fields an end-user will see |
| sym_strategy | Type, e.g. aws_iam, okta, custom; A list of targets |
| sym_target | Type, e.g. aws_iam_role; Settings (e.g. arn), which will be dependent on Type |

In addition, a Flow is likely to contain a reference to an environment, which itself will contain a collection of integrations common to one or more Flows (e.g. Slack and PagerDuty).


The sym:approval Template is defined at sym.sdk.templates.approval.html.