
Access Graph

By NHI Mgmt Group. Updated May 28, 2026. Domain: Governance, Ownership & Risk.

An access graph is a relationship model that links identities, permissions, data objects, and system interactions. In NHI governance, it helps security teams see the full path from an agent or user to the action it can take, which is more useful than isolated account reviews.

Expanded Definition

An access graph is a relationship model that shows how an identity can reach a resource through permissions, roles, group membership, tokens, secrets, API paths, and delegated actions. In NHI governance, it is more practical than reviewing isolated accounts because it exposes the full chain of access.

That chain matters when an AI agent, service account, or automation workflow can act across multiple systems. A graph can show whether a credential is directly entitled, indirectly entitled through RBAC, or effectively over-privileged because of inherited permissions. This is why the term is often used alongside the OWASP Non-Human Identity Top 10, which frames access sprawl and weak secret controls as recurring risks. In practice, vendor definitions differ on whether an access graph covers only static entitlements or also runtime behaviour and observed tool use.

NHI Management Group recommends treating the access graph as a governance view, not just a visualisation layer. The most common misapplication is limiting it to user-to-app relationships, which happens when teams ignore indirect paths through service accounts, nested roles, and exposed secrets.

Examples and Use Cases

Implementing access graphs rigorously often introduces data-quality and integration overhead, requiring organisations to weigh visibility gains against the cost of connecting identity, application, and secrets sources.

  • A security team maps an AI agent to the APIs, vaults, and queues it can reach, then removes an unnecessary path exposed through a shared service account.
  • An auditor traces how a CI/CD token inherited write access through a role chain, using the graph to prove the privilege was indirect rather than explicit.
  • An incident responder uses the graph to identify which databases were reachable after a secrets leak, then prioritises containment by blast radius.
  • A platform team compares the graph before and after a PAM or JIT change to confirm that standing access was removed without breaking automation.
  • A governance lead reviews the Ultimate Guide to NHIs alongside the graph to validate whether visibility gaps are hiding exposed service accounts.
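
The distinctions drawn above (direct entitlement, RBAC-inherited entitlement, access picked up through a shared secret) and the use cases in this list (tracing a CI/CD token's role chain, blast radius after a secrets leak, a before/after comparison of a JIT or PAM change) can all be expressed as reachability queries over one small graph. The following is an added example, not NHIMG's own tooling; every node name, edge and relation label is constructed for illustration, and a real graph would be populated from IAM, secrets-manager and application inventories.

```python
"""Toy access-graph analysis for NHI governance.

Added example, not NHIMG's own code. The edges, node names and relation
labels below are constructed for illustration; a real graph would be fed
from IAM, secrets-manager and application inventories.
"""

# (source, relation, target). Node kind is encoded in the prefix:
# agent:, svc:, role:, secret:, res:  (constructed sample data)
EDGES = [
    ("agent:report-bot", "ENTITLED", "res:s3/reports"),            # direct
    ("svc:ci-runner", "HAS_ROLE", "role:deployer"),                # RBAC chain
    ("role:deployer", "INHERITS", "role:db-writer"),
    ("role:db-writer", "ENTITLED", "res:db/orders"),
    ("agent:report-bot", "CAN_READ", "secret:shared-svc-key"),     # shared account
    ("secret:shared-svc-key", "AUTHENTICATES", "svc:shared-svc"),
    ("svc:shared-svc", "ENTITLED", "res:db/customers"),
    ("svc:shared-svc", "ENTITLED", "res:queue/billing"),
]


def build_graph(edges):
    """Adjacency map: node -> list of (relation, neighbour)."""
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
        adj.setdefault(dst, [])
    return adj


def effective_access(adj, start):
    """Every simple path from `start` to a resource (res:) node.

    Resources are sinks, so a path ends as soon as it reaches one. Paths may
    not revisit a node, which keeps the walk finite even with role cycles.
    """
    found = []

    def walk(node, path):
        if node.startswith("res:"):
            found.append((node, list(path)))
            return
        for _rel, nxt in adj.get(node, []):
            if nxt not in path:
                path.append(nxt)
                walk(nxt, path)
                path.pop()

    walk(start, [start])
    return found


def classify(path):
    """Label a path the way the glossary distinguishes entitlements."""
    if len(path) == 2:
        return "direct"
    if any(n.startswith("secret:") for n in path):
        return "via-secret"      # reachable only by using another identity's credential
    if any(n.startswith("role:") for n in path):
        return "rbac-indirect"   # inherited through a role chain
    return "indirect"


def entitlement_report(adj, identity):
    """Sorted (resource, classification, path) rows for one identity."""
    rows = [(res, classify(p), p) for res, p in effective_access(adj, identity)]
    return sorted(rows)


def blast_radius(adj, secret):
    """Resources reachable by anyone holding `secret` (post-leak triage)."""
    return sorted({res for res, _ in effective_access(adj, secret)})


def without_edge(edges, edge):
    """Model a remediation (e.g. a JIT/PAM change) by dropping one edge."""
    return [e for e in edges if e != edge]


def diff_access(before, after, identity):
    """(removed, added) resources for `identity` between two graph versions."""
    b = {res for res, _ in effective_access(before, identity)}
    a = {res for res, _ in effective_access(after, identity)}
    return sorted(b - a), sorted(a - b)


GRAPH = build_graph(EDGES)
# Graph after revoking the agent's read on the shared service account's secret:
GRAPH_AFTER = build_graph(
    without_edge(EDGES, ("agent:report-bot", "CAN_READ", "secret:shared-svc-key"))
)

if __name__ == "__main__":
    for ident in ("agent:report-bot", "svc:ci-runner"):
        for res, kind, path in entitlement_report(GRAPH, ident):
            print(f"{ident} -> {res} [{kind}] via {' > '.join(path)}")
    print("blast radius of shared key:", blast_radius(GRAPH, "secret:shared-svc-key"))
    print("report-bot lost/gained after fix:",
          diff_access(GRAPH, GRAPH_AFTER, "agent:report-bot"))
```

Run as a script, the report shows `agent:report-bot` reaching two databases only via the shared secret, and `svc:ci-runner` reaching `res:db/orders` through a two-hop role chain with no explicit grant; `diff_access` then confirms that revoking the secret read removes exactly those two paths and nothing else, which is the before/after check a platform team wants before shipping a standing-access change.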

For deeper context on why these paths matter, the 52 NHI Breaches Analysis shows how compromised identities often become operational footholds through overlooked entitlements. The graph is especially useful when paired with the OWASP Non-Human Identity Top 10 because both emphasise the practical attack paths that simple inventory reports miss.

Why It Matters in NHI Security

Access graphs matter because NHI risk is usually not caused by a single credential alone, but by the combination of broad entitlements, stale secrets, and weak visibility into who or what can act on behalf of something else. NHI Management Group research shows that only 5.7% of organisations have full visibility into their service accounts, which makes path-based analysis essential rather than optional.

This is also where the access graph connects to governance outcomes. The Ultimate Guide to NHIs — Key Challenges and Risks highlights how excessive privileges, third-party exposure, and poor rotation practices compound each other. When paired with runtime checks inspired by OWASP Non-Human Identity Top 10, the graph helps teams decide where to enforce least privilege, where to remove standing access, and where to insert approvals or JIT controls.

Organisations typically treat the access graph as urgent only after a breach, a misused token, or an unexpected lateral-movement event, at which point modelling reachable paths becomes operationally unavoidable.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST Zero Trust (SP 800-207) and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.

| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | Access graphs expose NHI privilege paths and hidden entitlements across systems. |
| NIST Zero Trust (SP 800-207) | AL-3 | Zero Trust relies on continuously evaluating identity-to-resource access paths. |
| NIST CSF 2.0 | PR.AC-4 | Least-privilege access management depends on knowing effective entitlements. |

Map every NHI path to resources and remove indirect access that is not explicitly required.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on May 28, 2026.