# JITPBAC

**What is JITPBAC?**

JITPBAC (Just-in-Time Purpose-Based Access Control) is a dynamic, purpose-driven access control framework. It provisions access to identities in cloud and SaaS applications only when that access is explicitly required, and only for a defined period of time. By adhering to the principle of least privilege, the model reduces the exposure of sensitive resources to potential threats, particularly when credentials are compromised.

**Key Features of JITPBAC**

1. **Default Deny Policy (Zero Trust)**: Identities have no access by default. Access is provisioned only through assigned Purposes, ensuring strict access control.
2. **Purpose-Centric Access**: Access is organized under **Purposes**, which define specific combinations of users, resources, and temporal access windows.
3. **Eligibility and Approval**: Identity owners must request access to a Purpose and provide supporting details (e.g., duration, time of use). Approval from a risk manager is required to ensure compliance with organizational policies.
4. **Automated Provisioning and De-provisioning**: Access is automatically provisioned at the start of a defined time window and de-provisioned at its end. Notifications are sent before de-provisioning to allow extensions if permitted.
5. **Constraints for Enhanced Security**: Constraints define rules that limit or restrict access based on organizational policies or specific conditions. Purposes and Constraints are interdependent to prevent violations.
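
The decision logic these features imply can be sketched as follows. This is an added example, not the product's code or API: `Grant`, `is_allowed`, `expiring_soon`, the sample identities and the rule that a constraint overrides a grant are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass(frozen=True)
class Grant:
    """One request for a Purpose. All names here are hypothetical."""
    identity: str
    purpose: str
    resources: frozenset
    start: datetime                    # provisioning time
    end: datetime                      # de-provisioning time (exclusive)
    approved_by: Optional[str] = None  # risk manager; None = still pending

    def active(self, now):
        return self.approved_by is not None and self.start <= now < self.end

def is_allowed(identity, resource, now, grants, constraints=()):
    """Return (decision, reason). Anything not explicitly granted is denied."""
    # Assumption: a matching constraint overrides any grant.
    if any(forbids(identity, resource, now) for forbids in constraints):
        return False, "constraint"
    for g in grants:
        if g.identity == identity and resource in g.resources and g.active(now):
            return True, g.purpose
    return False, "default-deny"

def expiring_soon(grants, now, notice):
    """Active grants ending within `notice`, i.e. due a pre-expiry notification."""
    return [g for g in grants if g.active(now) and g.end - now <= notice]

def no_external_on_prod(identity, resource, now):
    """Constructed constraint: external identities never reach prod-db."""
    return identity.startswith("ext-") and resource == "prod-db"

# Constructed sample data.
T0 = datetime(2025, 1, 6, 9, 0, tzinfo=timezone.utc)
WINDOW = timedelta(hours=4)
GRANTS = [
    Grant("alice", "incident-response", frozenset({"prod-db"}), T0, T0 + WINDOW, "risk-mgr"),
    Grant("bob", "quarterly-audit", frozenset({"billing"}), T0, T0 + WINDOW),  # pending
    Grant("ext-carol", "vendor-support", frozenset({"prod-db"}), T0, T0 + WINDOW, "risk-mgr"),
]

if __name__ == "__main__":
    for who, res in [("alice", "prod-db"), ("bob", "billing"), ("ext-carol", "prod-db")]:
        print(who, res, is_allowed(who, res, T0 + timedelta(hours=1), GRANTS, [no_external_on_prod]))
```

The end of the window is treated as exclusive, so a request arriving exactly at the de-provisioning time falls back to default deny.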

{% embed url="<https://vimeo.com/1151693855>" %}

