ConductorOne Docs

Query access data to gain insight

Use ConductorOne's pre-built access queries to quickly zoom in on important access information relevant to your organization's security.

On the Access explorer page you’ll find queries to help you explore and understand your organization’s access data so you can mitigate potential security risks. The results of select queries are also summarized on the Security tab of the dashboard.

Here are the available queries, the data each query presents, which queries are also shown on the security dashboard, and how you can filter each query to zoom in on the information most relevant to you.

Query titleSecurity dashboardWhat the query showsAvailable filters
All accountsAll accounts for all applications.By app
By user
Accounts without an account ownerAll accounts for all applications with no account owner set.By app
High-risk accountsβœ…Accounts granted at least one entitlement designated high risk.None
Inactive accountsβœ…Accounts that have not been logged into within the timeframe you select.By app (required)
Orphaned accountsβœ…All accounts for all applications with either no account owner or a deactivated user set as the account owner.By app
Apps with a deactivated ownerApplications with a designated application owner whose account is deactivated.By app
Apps with one ownerApplications that have a single designated application owner.None
Entitlements with a deactivated ownerEntitlements with a designated entitlement owner whose account is deactivated.None
Entitlements with one ownerEntitlements that have a single designated entitlement owner.None
All resourcesAll resources for all applications.By app
By resource type
By risk level
Resources with a deactivated ownerResources with a designated resource owner whose account is deactivated.None
High-risk role grants (permanent)βœ…All users granted a role designated high risk without a time limit on the grant.None
High-risk role grants (temporary)βœ…All users granted a role designated high risk with a time limit on the grant.None
Standing privilegesβœ…Users with access grants that have no time limit.By app
Users without a managerUsers with no manager user attribute set.None