Documentation
Guides
HomePortalStatus

The Access Graph

Visualizing Access in Border0

Suggest Edits

The Border0 Access Graph provides a clear, visual representation of how access flows within your organization. It is a directed acyclic graph where edges represent the flow of access, helping administrators easily understand who has access to what—and why.

Understanding the Access Graph
In the Access Graph, nodes represent key entities in your organization, including:

  • Users
  • Groups
  • Service Accounts
  • Policies
  • Sockets (Services)

Access flows from Users and/or Service Accounts to Sockets, providing transparency into group memberships, policy associations, and inherited permissions..

An access graph depicting how users Adriano, Greg, and Pedro have access to socket "fancy-dew"

Access Graph for Socket "fancy-dew"

For example the access graph above is for socket "fancy-dew". From the access graph we learn that:

  • Users "Adriano" and "Greg" are members of group "site-reliability-engineering"
  • Users "Adriano" and "Greg" are referenced in policy "default"
  • User "Pedro" is referenced in policy "fdghmn"
  • Service Account "terraform-example" is referenced in policies "default" and "fdghmn"
  • Group "site-reliability-engineering" is referenced in policy "fdghmn"
  • The policies "default" and "fdghmn" are attached to socket "fancy-dew"

Overall we learn that the users "Adriano", "Greg", "Pedro", and the Service Account "terraform-example" all have access to the "fancy-dew" socket —either directly or through group and policy associations.

Perspectives

Depending on the type of access graph (i.e. whether its for a User, Group, Service Account, Policy, or Socket) certain information will omitted for the graph in order to maintain the emphasis on the current node.

  • User Access Graphs do not show other users or service accounts
  • Service Account Access Graphs do not show other users or service accounts
  • Group Access Graphs do not show other groups nor policies that do not directly reference the group
  • Policy Access Graphs do not show groups that are not directly referenced in the policy
  • Socket Access Graphs do not show other sockets


Why the Access Graph Matters

The Border0 Access Graph provides a powerful, real-time visualization of how access is granted and inherited within your organization. It helps security teams and administrators:
✅ Quickly audit access paths
✅ Ensure least privilege principles
✅ Troubleshoot and modify policies effectively

With the Access Graph, you get complete visibility into your organization's access structure at a glance.

Updated 21 days ago