Skip to main content

Navigating Cloud Permissions Firewall

One-Click Least Privilege. Zero Disruption.



© 2026 Sonrai Security. All rights reserved.

Overview

The Cloud Permissions Firewall (CPF) sidebar organizes navigation into four sections, making it easy for you to find the features you need based on what type of work you are doing.

tip

Some actions are accessible from within individual pages rather than directly from the sidebar — see Services Page Menu and User Profile below.

The Cloud Permissions Firewall sidebar navigation showing the Controls, Workflow, Utilities, and Manage sections.The Cloud Permissions Firewall sidebar navigation showing the Controls, Workflow, Utilities, and Manage sections.

  1. Controls — Controls let you view and manage service protections, access controls, and Just-in-Time (JIT) access for identities across your cloud environment.

    • Services — View all cloud services; enable, disable, or protect services and manage identity exemptions.
    • Third Parties — View and manage access controls for third-party integrations detected in your cloud.
    • Custom Controls — Create and manage custom permission control policies.
    • Threat Vectors — View and address identified threat vectors in your cloud.
    • Just-in-Time — Configure and manage Just-in-Time (JIT) access for temporary privilege escalation.

  2. Workflow — Workflow lets you manage the approval and deployment lifecycle for permission changes requested through CPF.

    • Approvers — Add and manage Permissions on Demand (PoD) approvers at each scope.
    • Requests — Review and act on incoming Permissions on Demand requests.
    • Pending Changes — Review and deploy policy changes staged by CPF.

  3. Utilities — Utilities gives you access to reporting tools, an AI assistant, and advanced search capabilities.

    • Reporting — Generate and download reports on cloud permission status and activity.
    • WALLy — Interact with the CPF AI assistant to explore cloud data and stage changes.
    • Explorer — Run advanced searches across your cloud data using a visual query builder.

  4. Manage — Manage lets you administer CPF users and configure the cloud accounts connected to your deployment.

    • Users — View and manage CPF user accounts, roles, and access.
    • Accounts — Add and configure AWS and GCP accounts onboarded to CPF.

Services Page Menu

From the Services page, click the menu icon in the upper-right area of the page to access:

  • Quarantine List — Review identities currently in quarantine due to zombie or suspicious activity status.
  • Exempt at Scope — Add a scope-level exemption for a specific identity.
  • Unprotect as Scope — Remove a service protection at a specific scope.
  • Regions — View and manage which AWS regions are in scope for your CPF deployment. See Regions for details.
The Services page menu showing the Quarantine List, Exempt at Scope, Unprotect at Scope, and Regions options.The Services page menu showing the Quarantine List, Exempt at Scope, Unprotect at Scope, and Regions options.

User Profile

To access your personal account settings, click your user icon in the top-right corner of the CPF interface and select User Profile. See User Profile for details on managing roles, notification exemptions, and account settings.

The user icon in the top-right corner of the CPF interface, showing the User Profile menu option.The user icon in the top-right corner of the CPF interface, showing the User Profile menu option.