Skip to main content
Skip table of contents

[10.3.0 ~] WAC JIT Permissions Acquisition Guide

This guide explains how to acquire Just-in-Time (JIT) permissions for Web Apps via QueryPie WAC. JIT permission acquisition follows this sequence:

  1. Register a Web App in QueryPie WAC.

  2. Register Owners and Members for the Web App.

  3. The user requests access to the Web App they wish to connect to.

  4. The approver, registered as an Owner, approves the user's Web App access request.

Notification

This JIT Permission Acquisition Guide is based on version 10.3.0.

To follow this guide, you need either Owner or Web App Admin privileges among QueryPie administrator permissions.

Admin-side

1. Registering a Web App

  1. Navigate to the Admin > Web Apps > Connection Management > Web Apps menu.

  2. Click the Create a Web App button to go to the web app registration page.

스크린샷 2025-04-12 오후 10.56.20.png

Enter the following information:

  1. Name : QueryPie Web Site

  2. Base URL : querypie.com or 10.10.10.10:443

    1. Sub-paths (e.g., /ko) cannot be included in the Base URL.

    2. An error message is displayed if https:// is entered in the Base URL.

    3. An error message is displayed if www. is entered in the Base URL.

  3. Description: Enter a description for the web app (e.g., QueryPie Website).

  4. URL Paths: Enter sub-paths. Leave this blank for now.

  5. Watermark: Select whether to apply a watermark to the user's browser screen when accessing the web app.

    1. This helps prevent screen leakage by displaying information such as the accessor and access date/time on the browser when the web app is accessed.

    2. This guide will assume it is set to On.

  6. User Activity Recording: Whether to record user activity.

    1. Set to On and enable all options.

    2. Excluded URL Paths is for entering paths to exclude from user activity recording. Leave this blank for now.

  7. Tag: Tags for the web app. Leave this blank for now.

  8. Click the Save button to save.

2. Registering Web App Owner / Member

image-20250513-042540.png

  1. Access the web app's details page.

  2. Click the Owner/Member button in the upper right corner.

  3. A drawer will open on the right. Search for the target user and assign them a role by selecting the Owner (left) or Member (right) button in the "Assign as" column.

There are two roles for Just-in-Time (JIT) permission grants:

  • Owner: An entity that can approve Just-in-Time requests for this web app.

  • Member: An entity that can submit Just-in-Time requests for this web app.

3. User Requesting JIT Web App Access Permission

To access Web Apps via QueryPie, installation of the Root CA certificate and the Chrome Extension is required.

For installation instructions, please refer to the following sections in the 10.3.0-en WAC Quickstart guide:

WAC Quickstart | 1.-Root-CA-인증서-설치하기

WAC Quickstart | 2.-Extension-다운로드-받기

WAC Quickstart | 3.-Extension-설치-및-Host-설정하기

image-20250513-065134.png

  1. After logging into QueryPie, click Web Apps at the top.

  2. Click Role on the left and select “Just In Time Role”.

  3. Click the Web App you want to access.

  4. Click “Request Access” in the alert that appears to go to Workflow.

image-20250513-065247.png

  1. Access the Web App Just-In-Time Access Request page.

  2. Complete Step 1. If you clicked on an item assigned to you in Web Apps, no separate selection is needed.

    • Web App: Only items for which the user is designated as a Member can be selected.

    • Approvers: Displays Users designated as Owner.

  3. Complete Step 2.

    • Request Title: Enter the request title.

    • Access Duration (Minutes): Enter the duration of use. Requests are made in minute increments.

    • Reason for Request: Enter the reason for the request.

  4. Click Submit.

The following restrictions apply when requesting JIT (Just-in-Time) permissions:

  • The approver is fixed as the Web App Owner.

  • The approval condition is fixed so that approval is complete if at least one of multiple approvers approves.

  • Adding approval steps or changing approvers is restricted.

  • Post-approval mode appears if enabled in Approval Configuration; if set to Off, it will not appear on the request screen.

4. Approver Approving the JIT Web App Access Permission Request

image-20250513-072925.png

  1. The user with approval authority (designated as a Web App Owner) accesses Workflow.

  2. Navigate to the Received Requests > To Do menu.

  3. Click the request to go to its Detail page.

  4. Click Approve at the top.

5. Accessing the Web App via QueryPie

image-20250513-073501.png

  1. Go to QueryPie Web Apps.

  2. Click Role in the upper left corner and change it to Just In Time Role.

  3. In the Web App Dashboard under My Apps, the QueryPie Web Site app icon you requested earlier will show “JIT Active”. Click the icon to access the website.

  4. When the requested time expires, access permission is automatically revoked.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close