Intro: Pending Changes
© 2025 Sonrai Security. All rights reserved.
Overview
Within the "Pending Changes" page, you will see a listing of all changes proposed by all members of your organization who are actively working within the Cloud Permissions Firewall (CPF).
While reviewing the pending changes, it can be useful to ask yourself probing questions like:
Did I select a change I'd rather not make after all?
Is this change set at the right scope? (i.e. for this one account rather than my entire organization, or vice versa)
What Kinds of Entries Will I See?
Service Blocks
(i.e. when you disable a service from use by all identities)
Service Protections
(i.e. when you restrict the use of a service to identities actively using the permissions)
Identity Exemptions
(i.e. when you exempt a user from a service protection (Example: new users, break-glass accounts, etc.))
What is the Process Flow?
The process to make these changes a reality is very straightforward from review within the Cloud Permissions Firewall UI to deployment in your cloud, but you do always have the ability to discard changes and circle back at any point, if required.
It's recommended to review your pending changes before deploying the CloudFormation template within your cloud:
-
Once ready, click on the button to initiate the CloudFormation json download
- Note: This does NOT deploy any changes!
- Deploy the CloudFormation template in your cloud
If you decide you'd rather not action these changes:
- Click the trash can icon to remove individual entries from the "Pending Changes" list
- Click the to discard all of the listed pending changes