The Access Graph is a visual map of how accounts connect to applications, groups, roles, and resource instances. This page explains how to read the graph - nodes, edges, node details, and the activity overlay - so you can navigate access relationships with confidence.Documentation Index
Fetch the complete documentation index at: https://docs.oleria.com/llms.txt
Use this file to discover all available pages before exploring further.
Nodes and edges
Each data entity in the graph is a node. Nodes are styled by entity type to make them visually distinct. Connections between nodes are edges that represent how access flows from one entity to another.Nodes
| Node type | Description |
|---|---|
| Identity | Your organization’s unique user profile, based on an email alias. An identity can have accounts across multiple applications. |
| Application account | A user account within a specific application - for example, an Anthony Lee account in Salesforce Production. |
| Group | A collection of application accounts that share access permissions within an application. |
| Role | A set of permissions within an application that can be assigned directly to accounts or to groups. |
| Resource | A category of data entity within an application - for example, a Salesforce object type or a Google Drive folder type. |
| Resource instance | A specific instance of a resource - for example, a specific Salesforce record or a specific Google Drive folder. |
Edges
Edges represent the access relationships between nodes. The direction of an edge shows how access is granted - for example, an edge from a Role node to a Resource Instance node means that role grants access to that resource instance. Edge thickness reflects access frequency when the activity overlay is enabled: thick edges indicate high usage, thin edges indicate low usage, and dotted edges indicate zero usage.Node details
Selecting a node opens a side panel with details about that entity - its context, permissions, and connections. Example: Select the node for Anthony Lee to open a side panel showing his email, user ID, role, user groups, and permissions. In this example, Anthony has a seed admin role, belongs to the engineering, board, sales, HR, and IT support groups, and has permission to access eight resource instances.
Activity overlay
The activity overlay shows how frequently each account uses the access it has, rendered directly on the graph as edge thickness.| Line style | Meaning |
|---|---|
| Thick line | High access frequency |
| Thin line | Low access frequency |
| Dotted line | Zero access |
Search
The Access Graph search lets you find identities, application accounts, resource instances, groups, or roles. You can use an account name or email address to search.If you are searching for an email address that contains reserved characters, wrap it in quotation marks. Example:
"demo-salesforce-group+anthonylee@oleria.com"
Search application accounts
Enter the name or email address of an application account in the search bar and select the account from the results. The graph displays a separate node for each application instance where that account exists. Example: Anthony Lee has accounts in Salesforce Production, Salesforce Dev, ServiceNow, Microsoft M365 SharePoint, and Google Drive. The graph shows a separate account node for each.
Search resource instances
Enter the resource instance name in the search bar and select it from the results. The graph displays a separate node for each application and environment where that resource instance exists. Example: If you have integrated Google and Salesforce, and the resource instance exists in both, you see two nodes - one per application. If you integrated Salesforce Production and Dev instances, you see two more nodes - one per environment.
Navigation
Access Graph updates in real time as you interact. You can trace paths from an account to the resource instances it can reach, or from a resource instance back to every account, role, and group with access.Navigate from an application account to a resource instance
Search for the account
Enter the identity or application account name or email in the search bar. The graph displays all matching identity or application account nodes.
Select the account node
Select the account node to open its side panel. The panel shows email, user ID, assigned roles, group memberships, and resource access.
Add a resource to the graph
Select any resource from the side panel. The graph builds out to include that resource node.
Select the resource node
Select the resource node to open a side panel listing the resource instances accessible to that account.
Navigate from a resource instance to an application account
Search for the resource instance
Enter the resource instance name in the search bar. The graph displays all matching resource instance nodes across your applications.
Select the resource instance node
Select the resource instance node to open its side panel, which shows:
- Resource instance - the name of the resource instance
- Resource - the resource this instance belongs to
- Roles - roles that can access this resource instance
- Groups - groups that can access this resource instance
- Application accounts - accounts that have direct access
Add roles or accounts to the graph
Select any role or application account from the side panel to build the graph.
