Governance model
A model your auditors and your engineers both recognize.
Identities. Resources. Entitlements. Assignments. Not a graph visualization no one reads — a governance shape that maps cleanly to how access actually works in your org, and to the language auditors use when they ask you about it.
[Diagram: Identity → Assignment → Resource, with Entitlement sliced out of Resource.]
The shape
Four objects. One shared graph.
The model isn't bigger than it needs to be. Every access question — who has what, why, since when, granted by whom, matching what policy — resolves against four first-class objects. That's the whole shape.
Identity
A person or machine principal in Owlie. Carries attributes — email, title, manager, department — with per-attribute source-of-truth rules and multi-system priority fallback. Lifecycle states map to HR signals.
Resource
Anything your business grants access to — a SaaS app, a repo, a database role, a laptop order, a data room. Each carries its own request form, approval flow, and fulfillment path.
Depth on Extensibility.
Entitlement
A grantable slice of a Resource — the role inside an app, the permission set on a cloud account, the group on a directory. Entitlements are declared by connectors and stored as first-class objects.
Assignment
"This identity has this Resource (and possibly this Entitlement)." Assignments carry desired and applied version counters, provisioning state, observed state, and a journal of every change.
Verification
Sync verifies reality instead of overwriting it.
Sync is Owlie's observation layer. It compares what the connected systems currently show against what Owlie intended. When they match, nothing happens. When they diverge, Owlie applies a configurable policy — adopt the remote change, flag it, preserve intent and reconcile, or quietly ignore — per source and per object type. Stale-not-delete protects provisioned records from being wiped during a sync gap. Drift becomes a signal, not a surprise.
[Screenshot from the admin UI: a drift-detection card showing observed vs. desired, a policy decision chip (e.g. FLAG) and operator action buttons.]
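As an added illustration of the sync behaviour described above (this is hypothetical example code, not Owlie's implementation), one sync pass in Python: each connected source's observed snapshot is compared with intent, a policy looked up per (source, object type) decides what happens to each difference, and a source that returned no snapshot is treated as a sync gap whose records go stale rather than being deleted. The policy names, sources and grants are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Policy(Enum):
    ADOPT = "adopt"          # remote wins: intent is rewritten to match what was observed
    FLAG = "flag"            # keep intent, raise a drift signal for an operator
    RECONCILE = "reconcile"  # keep intent, queue a grant/revoke against the remote system
    IGNORE = "ignore"        # keep intent, stay silent

Grant = tuple[str, str, Optional[str]]  # (identity, resource, entitlement or None)

@dataclass
class SyncResult:
    desired: set[Grant]                                # intent after this sync pass
    signals: list[str] = field(default_factory=list)   # drift flagged to humans
    actions: list[tuple[str, Grant]] = field(default_factory=list)  # ("grant"|"revoke", g)
    stale: set[Grant] = field(default_factory=set)     # unverified this pass, never deleted

def sync(desired: set[Grant], observed: dict[str, set[Grant] | None],
         source_of: dict[str, str], policies: dict[tuple[str, str], Policy]) -> SyncResult:
    """Compare each source's snapshot with intent; apply the (source, object type) policy."""
    res = SyncResult(desired=set(desired))
    for source, snapshot in observed.items():
        intended = {g for g in desired if source_of[g[1]] == source}
        if snapshot is None:          # sync gap: stale-not-delete, records stay untouched
            res.stale |= intended
            continue
        diffs = [(g, "missing") for g in intended - snapshot] + \
                [(g, "extra") for g in snapshot - intended]
        for g, kind in diffs:
            obj_type = "entitlement" if g[2] else "assignment"
            policy = policies.get((source, obj_type), Policy.FLAG)  # default: flag, never silently adopt
            if policy is Policy.ADOPT:
                (res.desired.add if kind == "extra" else res.desired.discard)(g)
            elif policy is Policy.FLAG:
                res.signals.append(f"{source}: {kind} {obj_type} {g}")
            elif policy is Policy.RECONCILE:
                res.actions.append(("revoke" if kind == "extra" else "grant", g))
    return res

# Constructed sample: three connected systems; salesforce returned no snapshot this cycle.
DESIRED = {("alice", "github", "admin"), ("bob", "github", "member"),
           ("erin", "slack", None), ("carol", "salesforce", None)}
OBSERVED = {"github": {("alice", "github", "admin"), ("mallory", "github", "admin")},
            "slack": {("dave", "slack", None)},
            "salesforce": None}
SOURCE_OF = {"github": "github", "slack": "slack", "salesforce": "salesforce"}
POLICIES = {("github", "entitlement"): Policy.RECONCILE, ("slack", "assignment"): Policy.ADOPT}

def demo() -> SyncResult:
    return sync(DESIRED, OBSERVED, SOURCE_OF, POLICIES)
```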
Source of truth
Every attribute has a rule, and the rule wins.
Identity attributes carry per-attribute source-of-truth rules. Email might prefer Workday, fall back to Google Workspace, and reject writes from other systems. Title might come from a single authoritative HR source. Owlie enforces the precedence at write time, so the attribute value you see always matches the rule you configured. Mid-market teams recognize this immediately — it's the problem every JML rollout hits.
Keep going.
- Platform overview: The runtime and its six primitives, end to end.
- Provisioning: Intent-based, versioned, same pipeline for automated and manual paths.
- Entitlements: Catalog ownership, lifecycle hygiene, and stale-access detection.
- Extensibility: Resources and Forms in depth, with Functions and Hooks.
- Audit readiness: The solution view: evidence as the workflow runs.
A governance shape both halves of the org can read.
Early access is open. Bring your real access reality; keep the shape you already think in.