Access model explorer
An interactive map of how access works in Reqflo — organizations, services, journeys, sensitive objects, and the actors that hold grants.
Reqflo's access model is product-shaped: services own sensitive execution dependencies, journeys control who can view, build, and run workflows, and sensitive objects stay usable at runtime without ever becoming visible.
Use the map below to explore it. Select any node — an entity, an access mode, or an actor — to see what it is and exactly who can do what. The highlighted edges show how that piece connects to the rest of the model.
How access works in Reqflo
A product-shaped model: services own sensitive execution dependencies, journeys control who can view, build, and run, and secrets stay usable without ever becoming visible.
How to read the map
- Solid edges are manage / contain relationships — ownership and structure.
- Dashed edges are runtime use · no reveal — a journey consumes a service's sensitive objects at execution time, never by exposing their values.
The key principle: journey execution grants runtime use, not secret visibility. A consumer can run a journey that uses a credential without ever seeing the credential.
Related
- Permissions overview — the open catalog, controlled execution model.
- Permission concepts — the underlying objects access is calculated from.
- How access is evaluated — the evaluation order.
- Sensitive resources — write-only values and runtime use.