At Sourcegraph, Entitle (permission management) is used for time-bound access management to systems. Entitle has built-in integrations for GCP, AWS, Terraform Cloud, and others. To extend Entitle’s capabilities to support privileged access to our services (Dotcom Site-Admin, SSC Admin, Cody Analytics), SAMS implements Entitle’s REST API integration specification. This allows Sourcegraph teammates to request roles to access our services, using their SAMS account for authentication.
```mermaid
sequenceDiagram
Note over Entitle: Get resources and roles
activate SAMS
Entitle->>SAMS: GET /api/entitle/assets
SAMS->>database:
database->>SAMS:
SAMS->>Entitle:
deactivate SAMS
Note over Entitle: Get users
activate SAMS
Entitle->>SAMS: GET /api/entitle/actors
SAMS->>database:
database->>SAMS:
SAMS->>Entitle:
deactivate SAMS
```

```mermaid
sequenceDiagram
User A->>+Entitle: Request dotcom::site_admin on Dotcom
Entitle->>-User A: Request Created. Granting...
Entitle->>+SAMS: Grant User A dotcom::site_admin on Dotcom
SAMS->>SAMS Notifications: User A roles changed
SAMS->>-Entitle: Granted User A dotcom::site_admin on Dotcom
SAMS Notifications->>Dotcom: User A roles changed
activate Dotcom
Dotcom->>+SAMS: Get User A roles
SAMS->>Dotcom: [dotcom::site_admin on Dotcom]
Note over Dotcom: Promote User A to Site Admin
deactivate Dotcom
```
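
The grant flow in the second diagram, as an added example that is not Sourcegraph or Entitle code: the "roles changed" notification only names the user, and the service re-reads that user's roles from the source of truth before changing any privilege. `RoleStore`, `Service`, their methods, and the `revoke` path are hypothetical stand-ins for SAMS and Dotcom.

```python
# Added illustration; every name here is hypothetical, not SAMS or Entitle code.
from dataclasses import dataclass, field

@dataclass
class RoleStore:  # stand-in for SAMS, the source of truth for role assignments
    roles: dict = field(default_factory=dict)        # user -> {(role, resource)}
    subscribers: list = field(default_factory=list)  # callbacks taking a user id

    def grant(self, user, role, resource):
        self.roles.setdefault(user, set()).add((role, resource))
        self._notify(user)

    def revoke(self, user, role, resource):  # assumed: expiry follows the same path
        self.roles.get(user, set()).discard((role, resource))
        self._notify(user)

    def get_roles(self, user):
        return frozenset(self.roles.get(user, set()))

    def _notify(self, user):
        # The event names only the user; it carries no role data.
        for callback in self.subscribers:
            callback(user)

@dataclass
class Service:  # stand-in for Dotcom
    store: RoleStore
    resource: str
    admin_role: str
    site_admins: set = field(default_factory=set)

    def on_roles_changed(self, user):
        # Re-fetch rather than trust the event: a spurious or replayed
        # notification can only trigger a reconcile, never grant access.
        if (self.admin_role, self.resource) in self.store.get_roles(user):
            self.site_admins.add(user)
        else:
            self.site_admins.discard(user)

def demo():
    store = RoleStore()
    dotcom = Service(store, resource="Dotcom", admin_role="dotcom::site_admin")
    store.subscribers.append(dotcom.on_roles_changed)
    store.grant("user-a", "dotcom::site_admin", "Dotcom")
    promoted = "user-a" in dotcom.site_admins
    dotcom.on_roles_changed("user-b")  # event with no grant behind it
    spurious_ignored = "user-b" not in dotcom.site_admins
    store.revoke("user-a", "dotcom::site_admin", "Dotcom")  # time-bound access ends
    demoted = "user-a" not in dotcom.site_admins
    return promoted, spurious_ignored, demoted
```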