Access Control Manager

Verified · Caution

Audits user access permissions across cloud services, SaaS applications, and internal systems to enforce least-privilege principles. Connects to identity providers like Okta, Auth0, and AWS IAM to identify over-privileged accounts, unused access rights, and stale users. Generates access review reports and prioritized remediation playbooks.

by Skills Guide Bot
Security · Advanced
306/2/2026
Claude Code
#access-control #iam #permissions #least-privilege #audit

Our review

Audits and manages user access permissions across cloud services, SaaS applications, and internal systems to enforce least-privilege principles.

Strengths

  • Automates access review across multiple identity providers
  • Identifies over-privileged accounts and unused rights
  • Generates actionable audit reports and remediation playbooks
  • Detects stale accounts for deprovisioning

Limitations

  • Requires API keys and access to identity providers
  • May not cover all custom systems
  • Depends on accurate data from providers

When to use it

Use this skill to regularly audit permissions and enforce least-privilege access across your tech stack.

When not to use it

Do not use it for small, static environments where manual review is simpler.

Security analysis

Caution
Quality score: 80/100

The skill connects to critical identity systems, requiring high-privilege access. While intended for auditing, improper handling could expose sensitive permission data. It does not execute destructive actions but should be used with caution.

Findings
  • Requires credentials/programmatic access to identity providers (Okta, Auth0, AWS IAM, Google Workspace), which could be leaked or misused.
  • Ability to read and report on all user permissions, potentially exposing sensitive access data if mishandled.

Examples

Audit AWS IAM roles for over-privileged policies
Audit all AWS IAM roles in my account and identify any roles with overly permissive policies like AdministratorAccess.
Review GitHub org permissions and remove stale contributors
Review all GitHub organization teams and repositories, and remove any contributors who haven't been active in the last 90 days.
Enforce least-privilege across a multi-cloud environment
Enforce least-privilege access across my AWS and Azure environments by identifying and scoping down over-privileged service accounts.

name: access-control-manager
description: Audits and manages user access permissions across cloud services, SaaS applications, and internal systems to enforce least-privilege principles

Access Control Manager Agent

When to use

Use this skill to review and clean up access permissions, identify over-privileged users, and enforce least-privilege access policies across your tech stack.

Instructions

  1. Connect to identity providers (Okta, Auth0, AWS IAM, Google Workspace)
  2. Enumerate all users, groups, roles, and their current permissions
  3. Identify over-privileged accounts and unused access rights
  4. Flag service accounts with admin privileges that should be scoped down
  5. Detect stale accounts (no login in 90+ days) for deprovisioning
  6. Generate access review reports for each system
  7. Produce remediation playbook with priority-ordered access changes
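The seven steps above describe a generic audit loop. The following is an added example, not the skill's own code, that carries steps 2 through 7 over an in-memory identity snapshot so the checks can be read and run offline. The record layout (`Principal`, the `policies` list of `(name, statements)` pairs, and `used_actions` standing in for actions observed in access logs) is an assumption; a real run would populate it from the Okta, Auth0, AWS IAM or Google Workspace APIs. Policy statements use the AWS IAM JSON shape (`Effect`, `Action`, `Resource`), wildcard matching of action patterns uses `fnmatch`, and the 90-day stale threshold and P1/P2/P3 priorities follow the instructions; the sample principals are constructed, not real account data.

```python
"""Least-privilege audit over a constructed identity snapshot (added example, not the skill's code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase
from typing import Optional

STALE_DAYS = 90                                # step 5: no login in 90+ days
ADMIN_MANAGED_POLICIES = {"AdministratorAccess"}
PRIORITY_ORDER = {"P1": 0, "P2": 1, "P3": 2}   # playbook ordering for step 7


@dataclass
class Principal:               # assumed record layout, filled from IdP APIs in a real run
    name: str
    kind: str                  # "user" or "service"
    policies: list             # [(policy_name, [statement, ...]), ...]
    last_login: Optional[datetime]
    used_actions: set          # actions seen in access logs during the review window


def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def is_admin_statement(stmt):
    """Allow on all actions and all resources is equivalent to AdministratorAccess."""
    return (stmt.get("Effect") == "Allow"
            and "*" in _as_list(stmt.get("Action"))
            and "*" in _as_list(stmt.get("Resource")))


def granted_actions(principal):
    """Every action pattern allowed by any attached policy, e.g. 's3:*' or 'ec2:Describe*'."""
    return {a for _, stmts in principal.policies
            for s in stmts if s.get("Effect") == "Allow"
            for a in _as_list(s.get("Action"))}


def unused_actions(principal):
    """Granted patterns that no observed action matches (step 3: unused access rights)."""
    return {pattern for pattern in granted_actions(principal)
            if not any(fnmatchcase(used, pattern) for used in principal.used_actions)}


def audit(principals, now):
    """Steps 3-7: return findings sorted into a priority-ordered remediation playbook."""
    findings = []
    for p in principals:
        admin_via = [name for name, stmts in p.policies
                     if name in ADMIN_MANAGED_POLICIES
                     or any(is_admin_statement(s) for s in stmts)]
        if admin_via:
            # Step 4: admin rights on a service account are the first scope-down to make.
            findings.append({"principal": p.name, "issue": "admin-privileges",
                             "detail": sorted(admin_via),
                             "priority": "P1" if p.kind == "service" else "P2",
                             "action": "replace with a policy limited to the actions actually used"})
        if p.last_login is None or now - p.last_login > timedelta(days=STALE_DAYS):
            findings.append({"principal": p.name, "issue": "stale-account",
                             "detail": p.last_login.isoformat() if p.last_login else "never",
                             "priority": "P2",
                             "action": "disable, then deprovision after owner confirmation"})
        unused = unused_actions(p)
        if unused and not admin_via:   # the admin finding already covers a '*' grant
            findings.append({"principal": p.name, "issue": "unused-permissions",
                             "detail": sorted(unused), "priority": "P3",
                             "action": "remove the unused actions from the attached policies"})
    findings.sort(key=lambda f: (PRIORITY_ORDER[f["priority"]], f["principal"]))
    return findings


def issues_for(findings, principal):
    return sorted(f["issue"] for f in findings if f["principal"] == principal)


# Constructed snapshot for the example; not real account data.
NOW = datetime(2026, 2, 6, tzinfo=timezone.utc)
ADMIN_STMT = {"Effect": "Allow", "Action": "*", "Resource": "*"}
SAMPLE = [
    Principal("ci-deployer", "service", [("AdministratorAccess", [ADMIN_STMT])],
              NOW - timedelta(days=1), {"ecr:GetAuthorizationToken", "ecs:UpdateService"}),
    Principal("alice", "user",
              [("S3ReadWrite", [{"Effect": "Allow",
                                 "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteBucket"],
                                 "Resource": "arn:aws:s3:::example-bucket/*"}])],
              NOW - timedelta(days=10), {"s3:GetObject"}),
    Principal("bob", "user",
              [("EC2ReadOnly", [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}])],
              NOW - timedelta(days=120), set()),
    Principal("carol", "user", [("inline-legacy", [ADMIN_STMT])],
              NOW - timedelta(days=3), {"iam:ListUsers"}),
]

if __name__ == "__main__":
    # Step 6/7: the printed list is the per-system report in playbook order.
    for f in audit(SAMPLE, NOW):
        print(f"[{f['priority']}] {f['principal']}: {f['issue']} {f['detail']} -> {f['action']}")
```

The playbook puts the service account holding `AdministratorAccess` first, then stale accounts and admin users, then unused individual actions; an inline statement granting `*` on `*` is flagged the same way as the managed admin policy because it is the same grant under a different name.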

Environment

  • Runtime: python-3.12
  • Trigger: Scheduled
  • Category: Security & Compliance Agents

Examples

  • Audit AWS IAM roles for over-privileged policies
  • Review GitHub org permissions and remove stale contributors
  • Enforce least-privilege across a multi-cloud environment