Least privilege

Standing access shouldn't stay standing.

Timed access for high-risk resources. Drift handling for when reality diverges from intent. Access reviews that actually close. Revocation that runs through the same provisioning pipeline as the original grant. Least privilege as an operating posture, not a project.

Four mechanics. One pipeline.

  1. Timed access.

    High-risk resources can be configured to expire by default. At expiry, access revokes automatically — a policy decision, not a calendar reminder.

  2. Drift handling.

    Sync observes what's actually granted downstream. When reality diverges from intent, policy decides: adopt, flag, preserve, or revoke. Drift becomes a signal.

  3. Access reviews.

    Certification campaigns with reviewer accountability and exportable evidence. Where remediation is set to automatic, revoke decisions flow through the provisioning pipeline, not into someone's inbox.

  4. Accountable revocation.

    Every revocation is a versioned provisioning operation with a step-by-step journal. When a review decision would be undone by automation recreating the access, Owlie holds that revoke until the source is addressed — so "revoked" means actually revoked, with evidence.

What least privilege usually looks like.

Most teams implement least privilege by mandate and hope. Set a policy. Manually audit once a quarter. Send a spreadsheet to managers. Chase completions. Resolve by email. The access decisions happen; the actual revocations mostly don't.

Owlie closes the loop. Reviews can trigger revocations. Drift triggers policy. Timed access expires on its own. Less ceremony. More access actually removed.

One grant, one expiry, one journal.

A sensitive resource — production database write access — is configured with 5-hour timed access and a Function-backed approval policy. An engineer needs it for an outage. Requests it. The Function checks their on-call schedule and auto-approves. Access is granted.

At expiry, Owlie revokes the access automatically. The next sync run confirms the revocation happened downstream. Evidence lives in the execution journal. No one has to remember to clean up.

Keep reading.

Least privilege, without the ceremony.

Early access is open. Bring a real high-risk resource and we'll show you Owlie expiring it on a timer, through the same pipeline as any other grant.