> For the complete documentation index, see [llms.txt](https://docs.balkan.id/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.balkan.id/getting-started/entitlement-discovery/entitlements-discovery.md).

# Entitlements Discovery

## Overview

BalkanID allows you to quickly view entitlement data across multiple systems mapped to the employees or service accounts owners. You can view the information about the following:

* [Applications](https://app.balkan.id/applications) - You can view a list of all applications that you have integrated with your BalkanID tenant. Refer to [Application page for entitlement discovery](/getting-started/entitlement-discovery/applications-entitlements-discovery.md) to understand its usage for entitlement discovery.
* [Connections](https://app.balkan.id/connections) - You can view a list of all connections extracted from various applications. Refer to [Connection page for entitlement discovery](/getting-started/entitlement-discovery/connection-entitlement-discovery.md) to understand its usage for entitlement discovery.
* [Identities](https://app.balkan.id/identities) - You can use this page to see a list of all application identities that have been extracted from various applications that was integrated into your BalkanID tenant. Refer to [Identities page for entitlement discovery](/getting-started/entitlement-discovery/identities-entitlements-discovery.md) to understand its usage for entitlement discovery.
* [Resources](https://app.balkan.id/resources) - You can use this page to see a list of all application resources that have been extracted from various applications that was integrated into your BalkanID tenant. Refer to [Resources page for entitlement discovery](/getting-started/entitlement-discovery/resource-entitlement-discovery.md) to understand its usage for entitlement discovery.

{% embed url="<https://vimeo.com/1009664936?share=copy#t=0>" %}

## Filters <a href="#h_01hprcc6gakg3hqwyxtexemfjq" id="h_01hprcc6gakg3hqwyxtexemfjq"></a>

You can also use filters to easily view select data. This is a powerful tool to partition and isolate entitlement information to narrow down data based on specific attributes. Each page has its own set of attributes to filter data. Refer to [Working with Filters](/getting-started/entitlement-discovery/working-with-filters.md) to get a better understanding of how you can use filters to maximise your entitlement discovery capabilities.

{% embed url="<https://vimeo.com/1009675418?share=copy#t=0>" %}

## Insights <a href="#h_01hpefekgnhav37featqsxdvt5" id="h_01hpefekgnhav37featqsxdvt5"></a>

Utilizing [insights](/insights-and-rules/action-center.md) in BalkanID for entitlement discovery is a powerful tool. Insights include [Terminated Users](/insights-and-rules/entitlement-rules-and-labels/terminated-employee-label.md), [BalkanID Identified Outliers](/insights-and-rules/action-center.md) (Early Access), and Privileged Identities. For more information on these insights and how to utilize them please refer to - [Insights](/insights-and-rules/action-center.md).

## Glossary for entitlement extraction <a href="#h_01hpeg15vcmvydfrffktbvazyk" id="h_01hpeg15vcmvydfrffktbvazyk"></a>

<table data-header-hidden><thead><tr><th width="175"></th><th></th></tr></thead><tbody><tr><td><strong>Project</strong></td><td><em><strong>optional</strong></em> - This is the “project”-level data of organization in your application. This can be a Github organization, Slack organization, AWS account number, Azure directory, Google domain, Okta Site URL, etc. In the sample CSV, this is a Github organization “balkanid”. While optional, it is recommended that you provide Project value. If not provided, the Project value is set to “default”.</td></tr><tr><td><strong>Privilege Name</strong></td><td><em><strong>required</strong></em><strong> -</strong> This represents the name of the <em>action</em>/<em>permission</em>/<em>entitlement</em> a user has on a particular resource. These are typically actions that can be taken on a resource.</td></tr><tr><td><strong>Privilege Value</strong></td><td><em><strong>required</strong></em><strong> -</strong> This is a boolean value assigned to the privilege name. In most cases, these will be “<em>true</em>" meaning that they have the mentioned privilege. <em>False</em> indicates that they don't have the mentioned privilege.</td></tr><tr><td><strong>Connection</strong></td><td><em><strong>optional,</strong></em><strong> required if Connection Type is present</strong> <em>-</em> Connection describes how the identity (identified by the Username) gains the privilege (identified by Privilege Name and Privilege Value) to a resource (identified by Resource and Resource Type). If there is no Connection present, it implies that the user has a direct privilege over the resource.</td></tr><tr><td><strong>Connection Type</strong></td><td><em><strong>optional,</strong></em><strong> required if Connection is present</strong> <em>-</em> Connection Type describes the type of the Connection to a resource. Typical connection types are “role”, “policy”, “group”, but can include others depending on your application authorization structure. If there is no Connection type present, it implies that the user has a direct privilege over the resource.</td></tr><tr><td><strong>Resource</strong></td><td><em><strong>optional,</strong></em><strong> required if Resource Type is present</strong> <em>-</em> This field represents the resource that the user has access to.</td></tr><tr><td><strong>Resource Type</strong></td><td><em><strong>optional</strong></em><strong>, required if Resource is present</strong> <em>-</em> This field represents a useful resource type that groups resources in your application. This can be a Github repository/organization/application, AWS service, a Slack channel, etc.</td></tr><tr><td><strong>Identity</strong></td><td><em><strong>required</strong></em> - This field represents the application identity extracted from the application. For example, your GitHub username may not be the same as your actual name. So your username is an identity.</td></tr></tbody></table>

&#x20;

<br>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.balkan.id/getting-started/entitlement-discovery/entitlements-discovery.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.