Glossary
Integration
Top-level UX object. A user adds an Integration (for example, AWS, Azure, CyberArk Identity) and configures one or more Connections.
Connector
A packaged, versioned integration module. A Connector always declares a Connector Type capability.
Connector Type
Capability taxonomy.
Initial type:
- Discovery Connector (v0)
Future types (not in v0):
- Control Connector
- Credential Connector
- Session Connector
- Telemetry Connector
- Workflow Connector
Connection
A configured instance of a Connector in one workspace, including credentials/scopes, scheduling, and run history.
Tenant Admin
Administrative role for tenant-level operations in a tenant-isolated deployment (for example, workspace ownership transfer and tenant configuration). Does not imply unrestricted cross-workspace data visibility.
Global Control Plane
Shared platform layer that manages tenant registry, licensing/service flags, routing metadata, and fleet operations. It is not a tenant business-data plane.
Tenant Data Plane
Per-tenant deployed service set that handles customer workloads and data.
Workspace
Primary product boundary for data access and day-to-day operations.
Gateway
A deployed relay/agent used to reach isolated networks. Reserved for future use in most v0 connectors.
Principal
Canonical entity representing a human or non-human actor seeking access.
Account
System-specific identity record (not necessarily a credential).
Entitlement
Canonical authorization construct: role/group/policy/permission set.
Resource
Canonical target accessed: cloud resources, clusters, apps, and services.
Cloud Account Boundary
Canonical provider container:
- AWS Account
- Azure Subscription
- (GCP Project in the future)
Access Path
Derived chain describing access: Principal -> Account -> Entitlement -> Resource
Provenance
Fields explaining why a fact exists: source system/object, observed timestamp, run id, confidence, and evidence reference.