TEA (time, entitlements and approvals)

TEA stands for Time, Entitlements, and Approvals – a security methodology that extends the principle of least privilege by adding granular control in three dimensions. It means that when granting access to a resource, you specify how long (Time) the access is valid, what exact privileges (Entitlements) are given, and who or what must approve the access (Approvals). Under a TEA model, no privileges are permanently available by default; any elevated access requires appropriate approvals and is tied to a limited duration and scope.

For example, an engineer might request access to a database. Under TEA, that request would need manager approval, would grant only the specific role needed (say read-only), and would last only for a defined time window. Once the time expires, the access is automatically revoked, returning the user to zero standing privileges. In essence, TEA operationalizes just-in-time access with a structured approach: time-bound, least-privilege entitlements, with approval workflows.

How does it affect identity security?

TEA is important because it ensures that elevated access cannot be obtained or used without oversight and is not left active indefinitely. By enforcing that every privileged entitlement has an expiry and an approval trail, TEA dramatically reduces the risk of abuse or unnoticed privilege escalation. It goes beyond basic least privilege by ensuring that privileges granted for a legitimate task do not remain available once that task is done.

In practice, this mitigates insider threats and limits the damage from compromised accounts – even if attackers steal credentials, they cannot use them to get sensitive data unless an approval process grants the needed entitlement, and even then the access would be short-lived. TEA thereby helps achieve Zero Standing Privilege (ZSP), meaning users revert to having no privileged access by default once their approved time window closes. This approach improves security without grinding operations to a halt: it strikes a balance between agility and control. Teams can still get fast access to do their jobs (via just-in-time grants), but the strict limits on time and scope mean any misuse opportunities are greatly curtailed.
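The database example above and the zero-standing-privilege behaviour described in this section can be shown together in a small access broker. This is an added illustration, not code from the original page or from any product; the entitlement names (`db-reader`, `db-admin`), the user directory, the approval policy and the time windows are all constructed for the example. Each request must name an approver; the broker enforces the three TEA dimensions (the approver's role and no self-approval, the exact entitlement requested, and an expiry capped by policy), answers access checks only from live grants, and records every grant, denial and revocation in an audit trail.

```python
"""Added example: a minimal TEA-style just-in-time access broker.

Policy, users and entitlements are constructed for illustration."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed policy: which approver role may approve each entitlement,
# and the maximum window (Time) any grant of it may run for.
POLICY = {
    "db-reader": {"approver_role": "manager", "max_minutes": 60},
    "db-admin": {"approver_role": "security", "max_minutes": 30},
}


@dataclass
class Grant:
    user: str
    entitlement: str
    approver: str
    issued_at: datetime
    expires_at: datetime

    def active(self, now: datetime) -> bool:
        return self.issued_at <= now < self.expires_at


@dataclass
class Broker:
    roles: dict                     # user -> role (constructed directory)
    grants: list = field(default_factory=list)
    audit: list = field(default_factory=list)

    def request(self, user, entitlement, approver, minutes, now) -> Grant:
        rule = POLICY.get(entitlement)
        if rule is None:
            raise PermissionError(f"unknown entitlement {entitlement}")
        # Approvals: only the designated role may approve, and nobody self-approves.
        if approver == user or self.roles.get(approver) != rule["approver_role"]:
            self.audit.append(("denied", user, entitlement, approver, now))
            raise PermissionError("approval rejected")
        # Time: the requested window is capped at the policy maximum.
        minutes = min(minutes, rule["max_minutes"])
        grant = Grant(user, entitlement, approver, now, now + timedelta(minutes=minutes))
        self.grants.append(grant)
        self.audit.append(("granted", user, entitlement, approver, now))
        return grant

    def has_access(self, user, entitlement, now) -> bool:
        # Zero standing privilege: access exists only through a live, approved grant
        # for exactly this entitlement (Entitlements).
        return any(g.user == user and g.entitlement == entitlement and g.active(now)
                   for g in self.grants)

    def sweep(self, now) -> int:
        # Revoke expired grants and record each revocation; returns how many.
        expired = [g for g in self.grants if g.expires_at <= now]
        for g in expired:
            self.grants.remove(g)
            self.audit.append(("revoked", g.user, g.entitlement, g.approver, now))
        return len(expired)


def demo() -> dict:
    """Engineer 'alice' asks for read-only DB access approved by manager 'bob'."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    b = Broker(roles={"alice": "engineer", "bob": "manager", "carol": "security"})
    before = b.has_access("alice", "db-reader", t0)          # nothing by default
    g = b.request("alice", "db-reader", "bob", minutes=240, now=t0)  # capped to 60
    during = b.has_access("alice", "db-reader", t0 + timedelta(minutes=30))
    after = b.has_access("alice", "db-reader", t0 + timedelta(minutes=61))
    revoked = b.sweep(t0 + timedelta(minutes=61))
    return {
        "before": before,
        "window_minutes": int((g.expires_at - g.issued_at).total_seconds() // 60),
        "during": during,
        "after": after,
        "revoked": revoked,
        "audit_events": [e[0] for e in b.audit],
    }


def demo_rejections() -> dict:
    """Approval checks: self-approval and a wrong-role approver are denied."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    b = Broker(roles={"alice": "engineer", "bob": "manager", "carol": "security"})
    results = {}
    for approver, ent in [("alice", "db-reader"),   # self-approval
                          ("bob", "db-admin"),      # manager may not approve admin
                          ("carol", "db-admin")]:   # security role may
        try:
            b.request("alice", ent, approver, minutes=10, now=t0)
            results[(approver, ent)] = "granted"
        except PermissionError:
            results[(approver, ent)] = "denied"
    return results


if __name__ == "__main__":
    print(demo())
    print(demo_rejections())
```

Note that `has_access` never consults a static role table: a user who holds stolen credentials but no live, approved grant is answered exactly like anyone else, which is the ZSP property the text describes. The `sweep` step stands in for the scheduled revocation a real broker would run.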

Case study

A famous case underscoring TEA’s value is the Edward Snowden incident in 2013. Snowden, an NSA contractor, was able to steal a vast number of classified documents largely because he had broad and standing access as a systems administrator, and there were insufficient approval checkpoints on his activities. Reports revealed that Snowden even coerced colleagues into sharing their login credentials, giving him unauthorized access to data outside his normal scope.

With these credentials and his own admin rights, he fabricated access tokens and essentially operated unchecked within NSA networks, accessing and exfiltrating highly sensitive files. The NSA’s controls at the time did not limit the duration or scope of admin access (he had nearly free rein), nor were there rigorous approval steps to detect such unusual access. The fallout from this insider breach was massive.

If a TEA approach had been in place, Snowden’s access could have been compartmentalized – e.g. requiring specific approvals to access especially sensitive databases, granting him elevated rights only for set time windows, and immediately logging and reviewing any atypical entitlement changes. Thus, this case demonstrated that without time limits and approvals, even authorized insiders can abuse privileges. Adopting TEA-like constraints is now seen as a way to prevent the kind of unchecked identity access that enabled the Snowden breach.
