Platform Fundamentals · Lesson 01

Access Controls in Hoop

Define group-based access to your infrastructure that syncs with your identity provider

6 min·beginner·Platform Engineer

beginner
access-controls
admin
rbac
okta
azure-ad

Chapters

9 sections

01
Introduction to the Hoop control plane
Framing Hoop as a control plane for infrastructure access and introducing the access controls focus of this lesson.
02
Why group-based access matters
The problem with all-or-nothing access in most engineering organizations and how Hoop solves it through identity-provider-integrated groups.
03
Admin perspective: creating a user group
Walkthrough of creating a Platform group in the admin interface and assigning a database resource to it.
04
Identity provider sync
How groups sync from Okta, Azure AD, or Auth0 in production environments via tokens at login.
05
Developer perspective: default-deny in action
Logging in as Teo to confirm zero resources are visible until access is granted.
06
Granting access through group membership
Adding Teo to the platform engineering group and watching the resource appear in his account.
07
Running a query as a developer
Executing a select all users query through the Hoop Web UI and viewing the results.
08
Admin audit review
Reviewing the session in the sessions tab: resource, user, timestamps, query, and results.
09
Recap and what's next
Three takeaways on group-level access, default-deny, and automatic session recording. Preview of the data masking lesson.

What you’ll learn

Outcomes and concepts.

Learning objectives

01Create a user group in the Hoop admin interface and assign infrastructure resources to it
02Add users to groups so they inherit access to assigned resources
03Understand how Hoop hides all resources from users by default until access is explicitly granted
04Run a query as a developer through the Hoop Web UI against a connected database
05Review session activity as an admin, including who ran what query and when

Key concepts

Control plane

Hoop acts as a central control plane for everything interacting with your critical infrastructure, with all activity tracked and monitored.

User group

A collection of users that shares access to the same set of resources. Access is defined at the group level rather than per individual.

Resource

A connected piece of infrastructure such as a database, server, or cloud service that users can interact with through Hoop.

Default-deny model

All connections and resources are hidden from users by default unless an admin explicitly grants access through group membership.

Identity provider sync

In production environments, Hoop groups sync automatically with identity providers like Okta, Azure AD, or Auth0. Group membership arrives with the user's token and Hoop enforces access accordingly.

Session recording

Every action taken through Hoop is automatically recorded and made available in the sessions tab, including the resource accessed, the user, timestamps, the exact query run, and its results.

Watch this lesson

Access Controls in Hoop

Outcomes and concepts.

3 questions. No score, no clock.

You finished the lesson.