The Problem with Standing Access
Most organizations manage access through group memberships. Add someone to "database-admins" and they have permanent production database access. Add them to "ssh-users" and they can access servers indefinitely.
This creates significant security risks:
Standing Privilege Risks
1. Credential Theft: attackers who compromise credentials gain immediate access to everything the user can access.
2. Privilege Creep: users accumulate permissions over time that they no longer need.
3. Insider Threats: disgruntled employees retain access until someone remembers to revoke it.
4. Compliance Violations: standing access makes it impossible to prove who accessed what and when.
What Is Just-In-Time Access?
Just-in-time (JIT) access is simple: users don't have permanent elevated privileges. Instead, they request access when needed, get approval through automated or manual workflows, and receive time-limited credentials that expire automatically.
JIT Access Flow
1. The developer requests access, giving a reason and a duration.
2. A manager or an automated policy approves the request.
3. A short-lived certificate is issued (1-8 hours is typical).
4. Access is revoked automatically when the certificate expires; no cleanup is needed.
Implementing JIT Access with TigerAccess
TigerAccess makes JIT access seamless. Users can request access through Slack, the CLI, or the web UI. Approvals can be automatic based on policies or require human approval.
# Request production database access via CLI
tac access request postgres-prod \
  --reason="Deploy hotfix for payment processing bug" \
  --duration=2h \
  --ticket=INC-789

# Or via Slack
/tac request postgres-prod 2h "Deploy hotfix for INC-789"

# Auto-approved if:
# - User is in on-call rotation
# - Request is during business hours
# - Resource is in user's team scope
# - Duration is under 4 hours
# Otherwise, routes to manager for approval
Policy-Based Auto-Approval
JIT doesn't mean slow. With intelligent policies, most requests can be auto-approved while still maintaining security controls.
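To make the policy idea concrete, here is an added example of how an approval engine can evaluate conditions of the kind the configuration below expresses. This is illustration code written for this post, not TigerAccess code: the evaluation order (the first auto-approve condition a request satisfies wins, anything else routes to a human approver), the business-hours window (Monday to Friday, 09:00-17:00), the Request/Decision shapes and the sample timestamps are all assumptions. The grant it mints carries its own expiry, which is what makes the "automatic revocation" step in the flow above a property of the credential rather than a cleanup task.

```python
# Added example, not TigerAccess code: a small evaluator for an AccessPolicy
# of the kind described in this post. The evaluation order (first matching
# auto-approve condition wins, otherwise route to a human approver), the
# business-hours window and the Decision/grant shapes are assumptions.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# The post's production-database policy, transcribed into Python literals so
# the example runs without a YAML parser.
POLICY = {
    "resource": "postgres-prod",
    "auto_approve": {
        "conditions": [
            {"role": ["on-call", "dba-team"], "max_duration": "4h"},
            {"role": ["developer"], "max_duration": "1h",
             "require_ticket": True, "business_hours_only": True},
        ]
    },
    "approval": {"required_approvers": 1,
                 "approver_roles": ["team-lead", "security"]},
    "audit": {"require_reason": True, "record_session": True},
}

# Constructed sample timestamps: a Tuesday and a Saturday, both at 10:00 UTC.
TUESDAY_10AM = datetime(2024, 3, 12, 10, 0, tzinfo=timezone.utc)
SATURDAY_10AM = datetime(2024, 3, 16, 10, 0, tzinfo=timezone.utc)

@dataclass
class Request:
    user: str
    roles: List[str]
    resource: str
    duration: timedelta
    reason: str = ""
    ticket: Optional[str] = None
    requested_at: datetime = field(default_factory=lambda: datetime.now(timezone.utc))

@dataclass
class Decision:
    outcome: str  # "auto_approve", "needs_approval" or "deny"
    detail: str
    approvers: List[str] = field(default_factory=list)

def parse_duration(text: str) -> timedelta:
    """Parse the policy's "4h" / "30m" style durations."""
    value, unit = int(text[:-1]), text[-1]
    if unit == "h":
        return timedelta(hours=value)
    if unit == "m":
        return timedelta(minutes=value)
    raise ValueError(f"unsupported duration unit in {text!r}")

def in_business_hours(when: datetime) -> bool:
    # Assumption: Monday to Friday, 09:00-17:00 in the timestamp's own timezone.
    return when.weekday() < 5 and 9 <= when.hour < 17

def evaluate(policy: dict, req: Request) -> Decision:
    """Audit requirements are hard gates; the first auto-approve condition the
    request satisfies wins; anything else falls through to human approval."""
    if req.resource != policy["resource"]:
        return Decision("deny", "policy does not cover this resource")
    if policy["audit"]["require_reason"] and not req.reason.strip():
        return Decision("deny", "a reason is required for this resource")
    for cond in policy["auto_approve"]["conditions"]:
        matched = set(cond["role"]) & set(req.roles)
        if not matched:
            continue
        if req.duration > parse_duration(cond["max_duration"]):
            continue  # too long for this condition; a later one may still fit
        if cond.get("require_ticket") and not req.ticket:
            continue
        if cond.get("business_hours_only") and not in_business_hours(req.requested_at):
            continue
        return Decision("auto_approve", f"matched role {sorted(matched)[0]}")
    approval = policy["approval"]
    return Decision("needs_approval",
                    f"{approval['required_approvers']} approver(s) required",
                    approvers=list(approval["approver_roles"]))

def issue_grant(req: Request, decision: Decision, now: datetime) -> dict:
    """Mint the time-limited grant that stands in for the short-lived
    certificate: it carries its own expiry, so nothing has to revoke it."""
    if decision.outcome != "auto_approve":
        raise PermissionError(f"cannot issue grant: {decision.detail}")
    return {"user": req.user, "resource": req.resource, "reason": req.reason,
            "ticket": req.ticket, "issued_at": now,
            "expires_at": now + req.duration}

def grant_active(grant: dict, now: datetime) -> bool:
    """Access simply stops being valid once expires_at has passed."""
    return grant["issued_at"] <= now < grant["expires_at"]
```

Calling evaluate(POLICY, Request("alice", ["on-call"], "postgres-prod", parse_duration("2h"), reason="Deploy hotfix for INC-789", ticket="INC-789", requested_at=TUESDAY_10AM)) yields an auto-approval; the same request from a developer routes to a team-lead or security approver because it exceeds the developer condition's 1h cap, and a 1h developer request is auto-approved only with a ticket and during business hours. Note that the audit gate runs before any auto-approve condition, so a missing reason is refused even for an on-call engineer; that ordering is the design choice that keeps the audit trail complete regardless of who asks.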
# TigerAccess policy configuration
kind: AccessPolicy
metadata:
  name: production-database
spec:
  resource: postgres-prod
  # Auto-approve conditions
  auto_approve:
    conditions:
      - role: ["on-call", "dba-team"]
        max_duration: 4h
      - role: ["developer"]
        max_duration: 1h
        require_ticket: true
        business_hours_only: true
  # Require approval for everything else
  approval:
    required_approvers: 1
    approver_roles: ["team-lead", "security"]
  # Audit requirements
  audit:
    require_reason: true
    record_session: true
Benefits of JIT Access
Security Improvements
- 95% reduction in standing privileges: most access is now time-limited and purpose-specific.
- Complete audit trail: every access records who, what, when, why, and the approval chain.
- Automatic revocation: no more orphaned accounts or forgotten access.
- Reduced blast radius: compromised credentials have limited scope and a limited lifetime.
Real-World Results
Organizations implementing JIT access with TigerAccess typically see:
- 90% reduction in standing privileged access
- 50% faster access provisioning (vs. ticket-based manual processes)
- 100% audit coverage with reason tracking
- Zero orphaned accounts due to automatic expiration
- Simplified compliance with automated access reviews
Getting Started
Implementing JIT access doesn't require replacing your entire infrastructure. Start with high-risk resources—production databases, admin consoles, and sensitive servers—then expand coverage over time.