Discovery & Assessment

Automated discovery and intelligent analysis of your existing authorization landscape

Before you can migrate to Fine-Grained Authorization, you need to understand what you’re migrating from. Authonomy’s Discovery & Intelligence engine automatically scans your entire technology stack to map your authorization landscape and assess migration complexity.

What We Discover

🔍 Application Layer

  • Source code analysis: Permission checks, role definitions, access control logic
  • Framework detection: Spring Security, ASP.NET Authorization, Django permissions, etc.
  • API endpoints: Protected routes and their authorization requirements
  • Configuration files: Security policies, role mappings, permission matrices

🗄️ Database Layer

  • User and role tables: Existing RBAC structures and relationships
  • Access control lists: File system permissions, database grants
  • Row-level security: Existing RLS policies and triggers
  • Audit tables: Current logging and compliance tracking

⚙️ Infrastructure Layer

  • Identity providers: Connected IDPs and their configurations
  • Application servers: Web server auth modules and middleware
  • Load balancers: Request filtering and routing rules
  • API gateways: Existing authorization policies

📋 Policy & Process

  • Business rules: Domain-specific access requirements
  • Compliance requirements: Regulatory constraints and audit needs
  • Organizational structure: Departments, teams, and reporting hierarchies

Intelligence Reports

The discovery process generates comprehensive reports that give you complete visibility into your authorization infrastructure.

Authorization Landscape Map

A visual representation of how permissions flow through your systems:

  • Identity sources and their relationships
  • Application dependencies and trust boundaries
  • Data flow paths and access decision points
  • Permission inheritance and delegation chains

Complexity Assessment

Each system receives a complexity score based on:

  • Authorization model diversity (how many different models you use)
  • Business rule complexity (custom logic and edge cases)
  • System interdependencies (how tightly coupled your authorization is)
  • Technical debt level (how much legacy code needs consideration)

Migration Effort Estimation

Detailed breakdown of migration requirements:

  • High-priority systems requiring immediate attention
  • Quick wins that can be migrated with minimal effort
  • Complex scenarios requiring custom policy development
  • Recommended migration sequence for optimal risk management

Sample Discovery Output

# Sample Authorization Discovery Report
systems_discovered: 12
authorization_models_found:
  - rbac: 8 systems
  - hardcoded: 3 systems  
  - database_acl: 1 system

complexity_scores:
  customer_portal: 8.5/10 (high complexity)
  admin_dashboard: 3.2/10 (low complexity)
  legacy_billing: 9.8/10 (very high complexity)

migration_estimates:
  total_effort: 12-16 weeks
  quick_wins: 2-3 weeks
  complex_systems: 8-10 weeks
  
priority_recommendations:
  - Start with admin_dashboard (quick win)
  - Design policies for customer_portal
  - Plan careful approach for legacy_billing

Ongoing Monitoring

Discovery isn’t just a one-time activity. The platform provides ongoing monitoring to:

  • Track authorization changes as your systems evolve
  • Identify new security gaps before they become problems
  • Monitor migration progress with detailed metrics
  • Alert on policy violations or unexpected access patterns

Getting Started with Discovery

Step 1: Initial Scan

Connect the discovery agent to your development or staging environment:

# Install the discovery agent
curl -sSL https://get.authonomy.io/discovery | bash

# Configure your environment
authonomy discovery configure --environment staging

# Run your first scan
authonomy discovery scan --full-analysis
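
Piping a remote script straight into bash executes whatever the server returns at that moment, with no chance to review or pin it. As an added example (not Authonomy's own tooling), the wrapper below downloads the installer to a file and runs it only if its SHA-256 matches a digest you recorded after reviewing the script. The function names and the `PINNED_SHA256` variable are assumptions; the page publishes no checksum.

```shell
#!/usr/bin/env bash
# Added example: verify the discovery installer against a pinned digest
# before executing it. PINNED_SHA256 is a placeholder you set yourself.

sha256_of() {
    # Print the lowercase hex SHA-256 of file $1 with whichever tool exists.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

verify_installer() {
    # $1 = downloaded script, $2 = expected SHA-256 (hex, any case).
    # Returns 0 only on an exact match; 1 on mismatch or malformed input.
    local file expected actual
    file="$1"
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || return 1
    case "$expected" in
        *[!0-9a-f]*|'') return 1 ;;   # reject non-hex or empty digests
    esac
    [ "${#expected}" -eq 64 ] || return 1
    actual=$(sha256_of "$file") || return 1
    [ "$actual" = "$expected" ]
}

install_pinned() {
    # $1 = installer URL, $2 = pinned SHA-256. HTTPS only, including redirects.
    local url pinned tmp rc
    url="$1"; pinned="$2"
    tmp=$(mktemp) || return 1
    if ! curl --proto '=https' --proto-redir '=https' --tlsv1.2 \
              -fsSL -o "$tmp" "$url"; then
        rm -f "$tmp"; return 1
    fi
    if ! verify_installer "$tmp" "$pinned"; then
        echo "installer digest mismatch; refusing to run $url" >&2
        rm -f "$tmp"; return 1
    fi
    bash "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage (not executed here):
#   install_pinned https://get.authonomy.io/discovery "$PINNED_SHA256"
```

A digest mismatch after a vendor update means the script changed: review the new version and re-pin rather than bypassing the check.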

Step 2: Review Results

Access your personalized discovery dashboard to:

  • Review the authorization landscape map
  • Understand complexity assessments
  • Download detailed migration estimates

Step 3: Plan Your Migration

Use the intelligence reports to:

  • Prioritize which systems to migrate first
  • Understand resource requirements
  • Plan your migration timeline
  • Identify potential roadblocks

Discovery Best Practices

🎯 Start Comprehensive

Run discovery against all environments (dev, staging, prod) to get a complete picture. Different environments often have different authorization configurations.

🔄 Regular Refresh

Re-run discovery periodically as your systems evolve. New applications, configuration changes, and business rule updates all affect migration complexity.

👥 Cross-Team Collaboration

Include security, compliance, and application teams in discovery review sessions. Each team brings different perspectives on authorization requirements.

📋 Document Edge Cases

Use discovery reports to identify and document unusual authorization patterns that may require custom policy development.

Security & Privacy

All discovery operations are designed with security in mind:

  • Read-only access: Discovery never modifies your systems
  • Encrypted transmission: All data is encrypted in transit and at rest
  • Minimal footprint: Lightweight agents with minimal system impact
  • Audit logging: Complete audit trail of discovery activities

Next Steps

Once you understand your authorization landscape, move on to Policy Translation & Modeling to start designing your modern FGA policies.


Ready to discover your authorization landscape? Start your assessment or schedule a consultation with our migration experts.