Rahmat Hidayat

```diff id: my-policy version: 1 steps: [] + appeal: + allow_cross_individual_user: true ``` we can think of a better name

1. should the `account_id` user be allowed to cancel the appeal as well? 2. need to extend duplicate appeal logic as well. example: if user A created an appeal for...

@ravisuhag not initially, but now the discussion for this also happens in #218

continuing the discussion for this. assuming we have completed these issues: 1. https://github.com/odpf/guardian/issues/246 2. https://github.com/odpf/guardian/issues/206 there are two kind of cases that we want to collect the information of: 1....

for tracking access drift, essentially we only need to track two statuses which are `active_in_provider: true/false` and `status: pending/active/inactive` (active_in_policy/policy_status). While `grant` is only to track the creation of the...

@ravisuhag `grant`, `status`, and `active_in_provider` are in access @mabdh makes sense, I think we can make it equivalent to `access.status: pending/canceled/active/inactive`

#### schema changes ```diff - type Access struct { + type Grant struct { ... - Grant string // policy | import + Source string // appeal | import Status...

```go type ProviderActivity struct { ID string ProviderID string ResourceID string AccountID string Timestamp time.Time // Action correlates with grant role/permissions Action string // read | write | ... //...

@bsushmith @Chief-Rishab 1. having different account types within a group could cause difficulty when creating an appeal, like for example if the group consists of `user` and `serviceAccount` but the...

@bsushmith I think we can put this configuration in appeal config in policy, and set 7,3,1 as the default value