Query access data to gain insight
Use ConductorOne's pre-built access queries to quickly zoom in on important access information relevant to your organization's security.
Available queries
On the Access explorer page you’ll find queries to help you explore and understand your organization’s access data so you can mitigate potential security risks. The results of select queries are also summarized on the Security tab of the dashboard.
| Query title | Security dashboard | What the query shows | Available filters |
|---|---|---|---|
| All accounts | All accounts for all applications. | By app By user | |
| Accounts without an account owner | All accounts for all applications with no account owner set. | By app | |
| High-risk accounts | โ | Accounts granted at least one entitlement designated high risk. | None |
| Inactive accounts | โ | Accounts that have not been logged into within the timeframe you select. | By app (required) |
| Orphaned accounts | โ | All accounts for all applications with either no account owner or a deactivated user set as the account owner. | By app |
| Apps with a deactivated owner | Applications with a designated application owner whose account is deactivated. | By app | |
| Apps with one owner | Applications that have a single designated application owner. | By app | |
| Entitlements with a deactivated owner | Entitlements with a designated entitlement owner whose account is deactivated. | None | |
| Entitlements with one owner | Entitlements that have a single designated entitlement owner. | None | |
| All resources | All resources for all applications. | By app By resource type By risk level | |
| Resources with a deactivated owner | Resources with a designated resource owner whose account is deactivated. | None | |
| High-risk role grants (permanent) | โ | All users granted a role designated high risk without a time limit on the grant. | None |
| High-risk role grants (temporary) | โ | All users granted a role designated high risk with a time limit on the grant. | None |
| Standing privileges | โ | Users with access grants that have no time limit. | By app |
| Users without a manager | Users with no manager user attribute set. | None |