Entitlements and Roles
Who this is for
Admins and security teams defining access policies.
Goal
Understand how entitlements and roles differ and how Owlie uses each.
Prereqs
- /fundamentals/glossary
Success criteria
You can choose between entitlements and roles for a given access need.
Concept
- Entitlements are permissions inside external systems.
- Roles are permissions inside Owlie itself.
How Owlie models it
- Resources are requestable items that often map to one or more entitlements.
- Roles control who can administer, approve, or audit inside Owlie.
What’s different vs typical IGA
- Owlie separates external entitlements from internal roles and keeps them distinct.
What Owlie does not do
- No automated role mining or role recommendation.
Example
“GitHub Read Access” is a resource backed by one or more entitlements. “Owlie Admin” is a role that grants admin capabilities in the dashboard.
Troubleshooting
- If entitlement lists are too noisy, reduce ingestion scope and keep resource catalogs focused on high‑value access.
Next steps
- /implement/requests/access-requests
- /reference/roles-permissions