View access details to specific storage buckets
- 28 Feb 2024
This article describes how to do the following:
- Obtain comprehensive visibility into cloud IAM principals with access to specific S3 buckets.
- Filter access information based on permission types, originating projects, and other crucial criteria such as risk indicators.
View specific storage buckets access details
- Navigate to the storage bucket whose access details you wish to view.
- In the Prisma Cloud DSPM side menu, click Inventory.
- In Inventory, click the name of the specific storage bucket you want to view.
- Click the Access tab to view the DAG (data access governance) for the specific storage bucket.
- Use the Access mapping graph or Access list to identify and monitor all the roles and users with access permissions to the specific storage bucket.
Access mapping graph
The access mapping graph opens by default when you click the Access tab.
- Use the mapping graph to instantly view a snapshot of each user's relationship to the storage bucket.
- View the permissions associated with each role.
- Hover over the bucket, project, user groups, and roles to view more details about users' access.
For example, view the type of user, the origin of the account, or a timestamp of when the bucket was accessed.
Access list
- In the Access tab, click the hamburger icon to view the access information in list form. (To return to the mapping graph, click the mapping icon.)
- Use the filters to view specific access information. For example, use the Risk indicator and Over privileged filters to view users who have over-privileged roles on the storage bucket.
- An exclamation point denotes an over-privileged user.
- In the Last Used column, N/A denotes users who have either never accessed the bucket or last accessed it over 90 days ago, indicating that their permissions may be over-privileged.
- Use the list view to determine whether a user's permissions exceed their requirements. For example, a user may require only List permissions to a bucket, which is the lowest permission level available, yet hold higher permissions that are surplus to their requirements, such as Read/Write.
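The review logic described in the Access list, as an added example that is not Prisma Cloud code or output: it applies the 90-day Last Used rule and compares granted permissions with the highest level actually used. The record layout, the List < Read < Write ordering, the action-to-level mapping and all sample principals are assumptions, and the events are assumed to be already filtered to one bucket.

```python
from datetime import datetime, timedelta, timezone

# Assumed ordering, lowest first; the article only states that List is the lowest.
LEVELS = {"List": 0, "Read": 1, "Write": 2}
# Real S3 IAM actions mapped onto those tiers (the mapping is an assumption).
ACTION_LEVEL = {"s3:ListBucket": "List", "s3:GetObject": "Read",
                "s3:PutObject": "Write", "s3:DeleteObject": "Write"}
STALE_AFTER = timedelta(days=90)  # the article's 90-day "N/A" threshold


def review_access(grants, events, now):
    """Return one finding per principal: last-used value and over-privilege reason."""
    findings = {}
    for principal, granted in grants.items():
        used = [(ts, ACTION_LEVEL[action]) for p, ts, action in events
                if p == principal and action in ACTION_LEVEL]
        recent = [(ts, lvl) for ts, lvl in used if now - ts <= STALE_AFTER]
        if not recent:
            # Never used, or last used more than 90 days ago: shown as N/A.
            findings[principal] = ("N/A", "unused for 90+ days or never used")
            continue
        last_used = max(ts for ts, _ in recent)
        needed = max((lvl for _, lvl in recent), key=LEVELS.get)
        reason = None
        if LEVELS[granted] > LEVELS[needed]:
            reason = f"granted {granted}, only {needed} used"
        findings[principal] = (last_used.date().isoformat(), reason)
    return findings


# Constructed sample data (not real principals or logs).
NOW = datetime(2024, 2, 28, tzinfo=timezone.utc)
GRANTS = {"role/etl-writer": "Write", "user/auditor": "Write",
          "role/legacy-batch": "Read", "user/never-seen": "List"}
EVENTS = [
    ("role/etl-writer", NOW - timedelta(days=2), "s3:PutObject"),
    ("user/auditor", NOW - timedelta(days=10), "s3:ListBucket"),
    ("role/legacy-batch", NOW - timedelta(days=200), "s3:GetObject"),
]

if __name__ == "__main__":
    for principal, (last_used, reason) in review_access(GRANTS, EVENTS, NOW).items():
        flag = "!" if reason else " "  # mirrors the exclamation point in the list view
        print(f"{flag} {principal:20} last used: {last_used:10} {reason or 'ok'}")
```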