What are Granular Access Tokens and why is everybody talking about them?

November 28, 2022 | Podcast

Hello everybody, and here we are with a brand-new episode of your favorite Cognixia Podcast. We have been doing this for quite a few weeks now and we are super grateful for all the love and support we have been receiving from all of you; it means a lot to us. So, thank you for listening to us every week, we really appreciate it!

Back to today’s episode. This week, we discuss something that we have heard a lot of people talking about over the past 2-3 weeks – Granular Access Tokens. In this episode, we will talk about what granular access tokens are, what they do, and why they are important.

Before we tell you what these Granular Personal Access Tokens are, let us tell you why everybody is talking about them. Microsoft is introducing granular personal access tokens for its Azure DevOps REST APIs to limit the risk and damage when access credentials are leaked or stolen. Some weeks back, the renowned cybersecurity firm Praetorian came out with details on how their researchers accessed the internal corporate networks of companies using GitHub, an entity owned by Microsoft, for their CI/CD tools. The researchers were able to compromise access to GitHub using an accidentally leaked PAT. Now, this was done by Praetorian’s researchers, but had it been done by unscrupulous cybercriminals, it could have been a major problem for the companies whose networks got compromised. According to Praetorian’s report, there are multiple ways in which a developer’s personal access token could be compromised – they could fall victim to a phishing scam, their devices could get compromised, or they might mistakenly include the PAT in command-line logs!

In what some say is a response to this, Microsoft is bringing forth these fine-grained personal access tokens. So, what are these personal access tokens?

Personal Access Tokens or PATs are alternatives to passwords and are used for authenticating the identity of someone accessing a system or website. They are also used to authenticate the identities of the developers using the various APIs and scripts on a platform. In this particular case, the personal access tokens are used to authenticate users and developers into Azure DevOps. A personal access token would have a lot of information embedded into it.

In the case of Azure DevOps, the personal access tokens would contain information about an individual’s security credentials, which would help the system identify the individual, as well as other information such as the organizations that they have access to and the scope of each access. But with evolving systems and safeguards, cybercriminals tend to switch tactics too, focusing increasingly on stealing access credentials to corporate networks instead of just compromising systems. This makes safeguarding the tokens an important task as well. This is where the granular personal access tokens become important. The Azure DevOps team has created a granular PAT scope for all its Azure DevOps REST APIs. Coupled with OAuth2, this would enable organizations to limit the access that gets granted to every personal access token.

We need to mention one thing here: personal access tokens have been around for quite a while now. The highlight here is that the scope has now been refined. Earlier, some of the Azure DevOps REST APIs were not associated with a PAT scope, which caused users to deploy full-scoped personal access tokens to use those APIs. This was high-risk, since if a full-scoped PAT fell into the hands of a malicious entity, it would pose a significant security risk to the enterprise, exposing its source code, production infrastructure, and many other valuable assets of the organization to attack.

Microsoft has urged its users to migrate away from full-scoped personal access tokens to the granular ones as soon as possible to limit unnecessary access. It has also been suggested that organizations adopt a control plane policy that places appropriate restrictions on the creation of full-scoped PATs in the enterprise.

It is not just Azure DevOps; GitHub made a similar move back in October by introducing a public beta of fine-grained PATs. In the case of GitHub, fine-grained personal access tokens enable or disable permissions from a set of more than 50 granular permissions, which control access to GitHub’s organization, user, and repository APIs. Every permission can be granted on a ‘no access’, ‘read’, or ‘read and write’ basis. Additionally, fine-grained personal access tokens also expire. They also do not have access to all the repositories that a user can access.

With time, personal access tokens have evolved too. Earlier, PATs were relatively coarse-grained, giving access to all the repositories and organizations that were accessible to the token’s user, without giving the user’s organizations any associated control or visibility of what was happening. Over time, there was a need to change this, and personal access tokens have gotten significantly finer-grained now. These finer-grained personal access tokens deliver more granular control to developers, especially over permissions and repository access. They also put the organization’s administrators in control of what is happening, which is essential. With fine-grained personal access tokens, administrators can put appropriate approval policies in place while getting full visibility of the access tokens that are using their organization’s resources.

To sum up, fine-grained personal access tokens offer enhanced security to developers and organization owners, reducing the risk that compromised tokens pose to your data. While the push is to embrace the new fine-grained personal access tokens, the existing coarse-grained personal access tokens are still fully supported and are now referred to as personal access tokens (classic). A fine-grained personal access token would only have access to the repositories and organizations to which it has been explicitly granted access. In fact, if the administrator so desires, a particular fine-grained PAT can be targeted at a single repository in the organization.
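One of the leak routes mentioned earlier is a PAT ending up in command-line logs, and the classic versus fine-grained distinction decides how much such a leak exposes. The following is an added example, not part of the original post: a small log scanner that finds GitHub tokens, labels each as classic or fine-grained, and redacts it. The prefixes `ghp_` and `github_pat_` are GitHub's published token prefixes; the length bounds, function names and sample log lines are assumptions constructed for this illustration.

```python
import re
from typing import Iterable, List, NamedTuple

# Published GitHub prefixes; the length bounds are an assumption kept loose
# so that a format change does not silently hide a token.
PREFIX = {"classic": "ghp_", "fine-grained": "github_pat_"}
PATTERNS = {
    "classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "fine-grained": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{40,}"),
}


class Finding(NamedTuple):
    line_no: int   # 1-based line number in the log
    kind: str      # "classic" (broad access) or "fine-grained" (scoped)
    redacted: str  # safe-to-share form of the token


def redact(kind: str, token: str) -> str:
    """Keep the prefix and last four characters so the owner can identify it."""
    return f"{PREFIX[kind]}***{token[-4:]}"


def scan(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per token seen, in line order."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(line_no, kind, redact(kind, match.group())))
    return findings


def scrub(line: str) -> str:
    """Return the log line with every token replaced by its redacted form."""
    for kind, pattern in PATTERNS.items():
        line = pattern.sub(lambda m, k=kind: redact(k, m.group()), line)
    return line


# Constructed sample shell history; the tokens are fake and built from filler.
SAMPLE_LOG = [
    "$ git clone https://github.com/example-org/app.git",
    "$ curl -H 'Authorization: Bearer ghp_" + "A" * 36 + "' https://api.github.com/user",
    "$ export GH_TOKEN=github_pat_" + "B" * 22 + "_" + "C" * 59,
    "$ echo ghp_tooshort",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        # A classic token should be revoked and treated as full-account exposure.
        print(f"line {f.line_no}: {f.kind} token {f.redacted}")
    print(scrub(SAMPLE_LOG[1]))
```

Any token the scanner reports should be revoked regardless of type; the label only tells the responder how wide the review of affected repositories needs to be.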

Now that’s interesting, isn’t it? That’s the world of information security; such interesting developments keep happening. Embracing these fine-grained personal access tokens and helping developers understand security best practices would definitely go a long way in making systems more secure, we are sure.

With that, we come to the end of this week’s podcast! We hope we gave you something to think about, something new you would like to learn about and explore. And if you would like to learn more about Azure DevOps, might we recommend pursuing the official Microsoft Certified: DevOps Engineer Expert credentials? To earn this Microsoft certification, you need to clear the official Microsoft certification exam – AZ-400: Designing and Implementing Microsoft DevOps Solutions. This Microsoft certification is ideal for developers and infrastructure administrators who also have subject matter expertise in working with people, processes, and products to enable the continuous delivery of value in their organizations. If this is a path you would like to embark on or you would like to know more about this or any of our other live online instructor-led training and certification courses, talk to us today!

Until next week then, happy learning!
