Cross-Feature Integration
Access Optimization works seamlessly with other StratoLens features to provide comprehensive access analysis and remediation workflows. Understand how to navigate between features and combine their capabilities for maximum insight.
Four Key Integrations
- Role Assignments: Complete RBAC inventory with cross-navigation to optimization findings
- Activity Explorer: Detailed evidence and operation history for optimization decisions
- Access Health Dashboard: High-level metrics and trend monitoring for executive reporting
- Change Detection: Historical context for understanding assignment lifecycle and decisions
Role Assignments
Relationship
Access Optimization extends Role Assignments with activity correlation and optimization detection. Role Assignments shows what access exists (complete RBAC inventory); Access Optimization shows how access is used (activity-based optimization opportunities).
Navigation Patterns
From Access Optimization
Click "View in Role Assignments" button in detail panel → Opens Role Assignments filtered to the selected principal
From Role Assignments
(Future enhancement) "View Optimization" button could navigate to Access Optimization
Both Features
Clicking a principal name in either feature can cross-navigate with principal filter applied
Combined Use Case: Audit Preparation
Investigating Access Issues
When investigating an access issue or preparing for an audit:
Step 1: Start in Role Assignments
- See all assignments for a principal, including those without optimization findings
- Identify role types, scopes, and assignment dates
- Understand total RBAC footprint
Step 2: Switch to Access Optimization
- See which assignments are unused, stale, over-privileged, or over-scoped
- Review activity evidence and usage patterns
- Get specific remediation recommendations
Alice's Access Review
During a quarterly audit, you need to review Alice's access:
Role Assignments
Shows Alice has 15 role assignments across 8 subscriptions (complete inventory)
Access Optimization
Shows 6 of those 15 assignments have optimization findings (unused, stale, over-scoped)
Insight
9 assignments are healthy (active usage, appropriately scoped); focus remediation efforts on the 6 flagged assignments
Activity Explorer
Relationship
Activity Explorer provides detailed evidence for Access Optimization findings. Access Optimization flags optimization opportunities; Activity Explorer shows the raw activity data that supports those findings.
Navigation and Pre-Applied Filters
From Access Optimization Detail Panel
Click "View in Activity Explorer" button to automatically apply:
- Principal name (user filter)
- Time window (start/end dates matching optimization analysis period)
- Subscription context (if available from assignment scope)
Combined Use Case: Role Downgrade Decision
Determining Appropriate Role
When reviewing an over-privileged finding and determining the appropriate role downgrade:
1. Access Optimization Finding
"User has Owner role but zero RBAC operations"
2. Navigate to Activity Explorer
Click "View in Activity Explorer" to see detailed operation history
3. Activity Explorer Reveals
- 45 Create operations (virtual machines, storage accounts)
- 23 Update operations (configuration changes)
- 0 Delete operations
- 0 RBAC operations (no role assignments or permission management)
4. Conclusion
User needs Contributor role (create/update resources) but not Owner (no RBAC management)
5. Document Decision
Return to Access Optimization and document: "Downgrade from Owner to Contributor - user performs resource management but no permission management"
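The downgrade decision above can be reproduced from exported operation history. The following is an added example, not StratoLens code: it assumes activity is available as Azure-style operation names with counts, and the sample records and the function names (classify, summarize, recommend_role) are constructed for illustration.

```python
from collections import Counter

# Constructed sample in Azure activity-log style: (operation name, count).
# Resource creates and updates both surface as ".../write", so the 45 creates
# and 23 updates from the walkthrough appear here as 68 write operations.
SAMPLE_ACTIVITY = [
    ("Microsoft.Compute/virtualMachines/write", 30),
    ("Microsoft.Storage/storageAccounts/write", 15),
    ("Microsoft.Web/sites/config/write", 23),
    ("Microsoft.Compute/virtualMachines/read", 112),
]


def classify(operation):
    """Bucket an operation name as rbac, write, delete, action or read."""
    resource_type, _, verb = operation.lower().rpartition("/")
    if verb not in ("write", "delete", "action"):
        return "read"
    # Contributor excludes write/delete under Microsoft.Authorization,
    # so any such operation needs more than Contributor.
    if resource_type.startswith("microsoft.authorization/"):
        return "rbac"
    return verb


def summarize(activity):
    """Total the operation counts per bucket."""
    counts = Counter()
    for operation, n in activity:
        counts[classify(operation)] += n
    return counts


def recommend_role(activity):
    """Least-privileged of Owner/Contributor/Reader that covers the activity."""
    counts = summarize(activity)
    if counts["rbac"]:
        return "Owner"
    if counts["write"] or counts["delete"] or counts["action"]:
        return "Contributor"
    if counts["read"]:
        return "Reader"
    return None  # no activity at all: a removal candidate, not a downgrade


if __name__ == "__main__":
    print(summarize(SAMPLE_ACTIVITY), recommend_role(SAMPLE_ACTIVITY))
```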
Over-Scoped Investigation
Scenario: Investigating why Alice is flagged as over-scoped
Access Optimization: Shows Alice has Contributor on subscription with 200 resources, but only 15 resources show activity (7.5% scope efficiency)
Activity Explorer: Shows all 45 operations Alice performed are on resources in resource group "Production-WebApps"
Insight
Rescope Alice from subscription-level Contributor to resource group "Production-WebApps" Contributor
Remediation
Update Alice's role assignment to narrower scope
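The rescoping step can be derived directly from the resource IDs that show activity. This added example (not StratoLens code) finds the narrowest scope containing every active resource and computes the scope efficiency figure; the subscription ID is a placeholder, the resource names are constructed, and the function names are hypothetical.

```python
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

# Constructed sample: the 15 resources with activity, all in one resource group.
ACTIVE = [
    f"{SUB}/resourceGroups/Production-WebApps/providers/Microsoft.Web/sites/app{i}"
    for i in range(15)
]


def scope_levels(resource_id):
    """Assignable scopes that contain a resource, broadest first."""
    parts = resource_id.strip("/").split("/")
    levels = ["/" + "/".join(parts[:2])]              # /subscriptions/<id>
    if len(parts) >= 4 and parts[2].lower() == "resourcegroups":
        levels.append("/" + "/".join(parts[:4]))      # .../resourceGroups/<rg>
        if len(parts) > 4:
            levels.append("/" + "/".join(parts))      # the resource itself
    return levels


def narrowest_common_scope(resource_ids):
    """Deepest scope that still contains every resource with activity."""
    if not resource_ids:
        return None
    per_resource = [scope_levels(r) for r in resource_ids]
    common = None
    for depth in range(min(len(levels) for levels in per_resource)):
        # Azure resource IDs are case-insensitive, so compare lowercased.
        if len({levels[depth].lower() for levels in per_resource}) != 1:
            break
        common = per_resource[0][depth]
    return common


def scope_efficiency(active_count, total_in_scope):
    """Percentage of resources in the assigned scope that show activity."""
    return round(100.0 * active_count / total_in_scope, 1)


if __name__ == "__main__":
    print(narrowest_common_scope(ACTIVE), scope_efficiency(len(ACTIVE), 200))
```

If activity spans more than one resource group, the function falls back to the subscription, which signals that a single narrower assignment will not cover the observed usage.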
Access Health Dashboard Widget
Relationship
The Access Health widget on the main Dashboard shows high-level metrics from Access Optimization, including total principals flagged and breakdown by principal type (users, service principals, groups with optimization findings).
Navigation Patterns
From Dashboard
Click the Access Health widget card → Navigates to Access Optimization
If widget shows breakdown by principal type (e.g., "12 Users, 5 Service Principals"), clicking may pre-filter by that principal type
From Access Optimization
Return to Dashboard to see overall access health trend
Combined Use Case: Trend Monitoring
Monitoring Access Health Over Time
Monitoring access health over time and responding to increases:
1. Dashboard Weekly Check
Access Health widget shows "18 principals with optimization findings" (up from 12 last week)
2. Navigate to Access Optimization
Click widget to navigate to Access Optimization
3. Review New Findings
- Filter by Time Window: 7 days to focus on recent changes
- Sort by Most Optimizations to prioritize
4. Identify Root Cause
- New user onboarded with overly broad access → Fix onboarding template
- Resource migration created redundant assignments → Clean up post-migration
- Seasonal worker hasn't accessed resources in 30 days → Expected, document exception
5. Verify Improvement
Remediate issues and return to Dashboard on next scan. Success: Widget shows "14 principals with optimization findings" (down from 18)
Executive Reporting
Monthly executive report: Include Access Health widget screenshot showing trend
January
25 flagged principals
February
18 flagged (28% improvement)
March
14 flagged (22% improvement)
Narrative
"Continued progress on least-privilege enforcement with 44% reduction in flagged principals over Q1 through systematic remediation of unused and over-scoped access"
Change Detection
Relationship
Change Detection tracks when role assignments are added or removed. Access Optimization helps you decide what to change; Change Detection shows when changes occurred and provides historical context.
Navigation Workflow
1. Note Principal from Access Optimization
Note a principal/role/scope combination that needs remediation
2. Navigate to Change Detection
Navigate to Change Detection (separate navigation)
3. Filter for RBAC Changes
Filter for RBAC changes on that specific scope or principal
4. Review Timeline
Review the timeline of assignment modifications
Combined Use Case: Historical Context
Understanding Assignment History
Understanding the history of a flagged assignment before removal:
1. Access Optimization Finding
"Bob has Contributor on subscription Production-Legacy with zero activity in 365 days"
2. Question
"When was this granted and why?"
3. Navigate to Change Detection
Filter: RBAC changes, Subscription "Production-Legacy", Principal "Bob"
4. Change Detection Reveals
Assignment created 3 years ago, no modifications since
5. Investigation & Decision
- Check with Bob's manager: Role was for a project that completed 2 years ago
- Decision: Safe to remove (project long complete, no activity)
- Return to Access Optimization and proceed with removal
Evaluating New Assignments
Scenario: Evaluating a newly detected unused assignment
Access Optimization: Shows unused access flagged today
Check the assignment's Assigned date: Shows "Created December 15, 2024" (2 weeks ago)
Insight
Brand new assignment, unused status may be expected (user hasn't needed to use it yet)
Decision
Don't remove immediately; set a reminder to review again in 90 days
Change Detection
Confirms assignment was just created, not a long-standing unused permission
Timeline Analysis
When Was Access Actually Needed?
Access Optimization: "Last Used: March 10, 2024" (9 months ago)
Change Detection: Assignment created "January 5, 2023" (2 years ago)
Analysis
User actively used access for ~15 months (Jan 2023 - Mar 2024), then stopped
Investigation
Check with user - did they change roles in March 2024?
Result
User transferred to different team in March, access no longer needed, safe to remove