What are resources?
In C1, a resource represents any object within an application. Think of resources as the specific items you want to manage access for. Common examples of resources include:- Roles
- Groups
- Permission sets
- Profiles
- Licenses
- S3 buckets
What is the Credential resource?
Every application managed within C1 includes a unique default resource known as the Credential resource. This resource always contains exactly one entitlement, called Access. The Credential resource represents the fundamental ability to have an account within that specific application. The Access entitlement is used to reference and manage accounts associated with the application. This design allows C1 to uniformly manage both accounts and general application access as if they were standard resources and entitlements. Example use cases:- Making new accounts requestable: To allow users to request new accounts within an application, configure the access controls directly on the Access entitlement of the application’s Credential resource.
- Running account-level access reviews: If you need to perform an access review for all users who possess any account within a particular application, select the application’s Credential resource as the target for the review.
Creating resources
Most resources in C1 are created automatically when application data is ingested. Our connectors are designed to identify and synchronize essential resources (such as roles, groups, and permissions) from your connected applications directly into C1. This automated process ensures that your resource inventory is always up to date. In specific scenarios where a resource cannot be automatically ingested (such as for custom or non-standard objects), resources can be created manually. You can do this via the C1 API or by creating a virtual entitlement.Customize columns and export to CSV
Use Configure columns in the Resources table header to adjust which columns are visible — toggle columns on or off and drag to reorder. Your layout is saved automatically. To export resources data to CSV, click Generate CSV above the Resources table. The Download to CSV drawer opens where you can choose which columns to include before generating the file.Managing resources
Once resources are in C1, you can manage their associated metadata, even if they were automatically ingested by a connector. To manage a resource, navigate to the resource’s details page: From the resource detail page, you can rename the resource, update its owners, and change the resource’s description.Rename the resource
If you change the name of the resource, C1 will remember and persist this change through future connector syncs, but the new name will not be written back to the connected application. To change the resource name:On the resource’s details page, click on the current resource name. This transforms the name into an editable text box.
Change resource owners
Resource owners can be the target of policy approval steps. For example, a policy might require a resource owner to approve an access request for sensitive data or roles. You can add individual users as owners, or assign any entitlement — a group, a role, or any other entitlement — as an owner. When you assign an entitlement, everyone currently holding it becomes an owner automatically, and ownership stays current as membership changes. You can add up to 32 direct user owners and up to 32 entitlements as owners on each resource. To edit the resource owner:Change resource description
By default, resource description are auto-generated to provide a basic explanation of their functionality, but you can edit these default descriptions to provide more tailored information. Resource descriptions are displayed to users during access reviews. To edit the resource description:View a resource’s grants
A grant signifies that an application account has been explicitly assigned an entitlement (a specific access right) on a resource. Viewing grants allows you to see who currently has access to a particular resource. To view the a resource’s current grants:
This tab displays a comprehensive list of all accounts that have been assigned entitlements for this resource. You can filter this list by account type and status.
Resource visibility controls
Resource visibility controls let you determine which C1 users can see a resource and its entitlements in the admin interface — for example, on the Apps > Resources page and in search results. By default, resources are visible to all C1 users in your organization. A common use case is hiding sensitive resources from lower-privileged admin users. For example, you might restrict visibility on resources related to production infrastructure, privileged roles, or restricted data so that only designated owners or Super Admins are aware they exist.Users with the Super Admin role can always see all resources and entitlements, regardless of visibility settings.
Visibility options
| Setting | Who can view the resource |
|---|---|
| Everyone | All users in your organization can see the resource and its entitlements. This is the default setting. |
| Members | Users who have been granted any entitlement on this resource. Owners of this resource, owners of any entitlement on this resource, and the parent app owner can also see it. |
| Owners | Only the owner of this specific resource, owners of entitlements on this specific resource, and the parent app owner. |
Set resource visibility
Under Access configuration, select a visibility option:
- Everyone: All users in your organization can see the resource and its entitlements. This is the default.
- Members: Only users who hold an entitlement on this resource can see it, along with the resource owner, any entitlement owners on this resource, and the parent app owner. Use this when the resource should be visible to those who already have access, but not discoverable by others.
- Owners: Only the resource owner, entitlement owners on this resource, and the parent app owner can see it. Members cannot see the resource even though they have access to it. Use this for highly sensitive resources where membership itself should not be visible.
Delete a resource
You can delete manually created resources from C1. To delete a manually created resources:
You’ll be asked to confirm your action before you proceed.