Sonrai Cloud Permissions Firewall automates cloud privilege management through centralized global policies such as AWS Service Control Policies (SCPs). The product analyzes cloud activity to identify and restrict unused privileges, identities, third-party access, regions, and services. The tool automatically generates policies to restrict access to privileged, high-risk permissions that identities are not actively using, while exempting identities that require these privileges for operations. Unused identities can be quarantined by restricting all permissions through global policies while keeping their permissions intact for potential reactivation. The product provides visibility and control over third-party access across organizations, organizational units, or accounts. It can block third-party access through roles or resource policies and set default deny states to automatically block future access. Organizations can block unused or unwanted services and regions in AWS or GCP environments based on usage analytics. The tool enables control over services while restricting access to privileged permissions within those services. A ChatOps-based workflow handles privilege-on-demand requests, routing them to approvers and updating policies once approved. Access can be granted as permanent or time-limited, with automated notifications throughout the process. The workflow manages request, approval, and policy updates to grant access within minutes.