Queries And Search
Operator queries for understanding access, audit, and system hygiene.
Atom is not only a runtime decision engine. Operators also need to answer questions such as:
- What can this entity access?
- Who can access this resource?
- Why was this request denied?
- Which entities hold this role?
- Which credentials are expiring or revoked?

Query Principles

- Queries are authenticated.
- List results are paginated.
- Results should be resolved enough for humans to understand.
- Access listings should show where access came from: role assignment, direct policy, principal group, and permission block.
- Tenant-aware filters should be available where the object model is tenant-scoped.

Guide Pages

| Page | Question answered |
|---|---|
| Authorization Explain | Why did one decision allow or deny? |
| Entity Access | What can one entity access? |
| Resource Access | Who can access one resource? |
| Audit | What security events happened? |
| Bulk Check | Can several actions be checked together? |
| Role Holders | Who receives a role? |
| Group Access | What access comes from a principal group? |
| Effective Actions | What actions does an entity effectively hold? |
| Admin Hygiene | What needs operator cleanup? |