Identity Grant JIT
identity_grant_jitIssue time-bound just-in-time access to a tool for an identity, enforced by admin role and audit logging.
Instructions
Grant an identity time-bound JIT access to one tool. Requires admin role, identity:write scope, and an audit reason.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| reason | No | Human audit reason for granting access. | |
| tenant_id | No | Tenant scope for audit logging. | default |
| ticket_id | No | Optional change/incident ticket id for the grant. | |
| tool_name | Yes | Tool the grant authorizes, beyond the identity's standing scope. | |
| identity_id | Yes | Identity id to grant time-bound access to. | |
| ttl_seconds | No | Grant lifetime in seconds. | |
| operator_role | No | Operator role for this write action. Must be admin. | viewer |
| operator_scopes | No | Comma-separated operator scopes. Must include identity:write. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |