# Grant Temporary Access with a Hubot Chatbot

If you are using a Hubot chatbot to automate common activities, you can integrate with the `sdm` Linux binary to handle common administrative tasks. This guide shows how to add a Hubot command to grant temporary access to datasources and servers. In this guide, we use the Heroku deployment method; modify as needed if you're using a different deployment type.

### Setup

1. Set up a Hubot chatbot according to the directions on the [Hubot site](https://hubot.github.com/docs/deploying/heroku).
2. Once the setup is done, copy the \[Linux binary[Linux Installation Guide](/users/client/linux.md) into the `bin/` directory in your Hubot tree.
3. Create an [admin token](/admin/principals/admin-tokens.md) in the Admin UI with the following permissions:
   * datasource:grant
   * datasource:list
   * user:assign
   * user:list
4. Add two environment variables to your Hubot:

   ```bash
   heroku config:set SDM_HOME=/app
   heroku config:set SDM_ADMIN_TOKEN=<admin token here>
   ```
5. Add an SDM script to `scripts/`. Here is a barebones example that will grant access to datasources for one hour.

   ```javascript
   module.exports = (robot) ->
   robot.hear /access to (.*)/i, (res) ->
   target = res.match[1]
   email = res.envelope.user.email_address
   res.reply "Granting #{email} access to '#{target}' for 1 hour"
   spawn('sdm', ['admin','users','grant-temporary','-d','1h',target,email])
   ```
6. Deploy the changes with `git push heroku master`
7. Test by telling the bot `Grant me access to datasource`. It should respond with `Granting <email> access to 'datasource' for 1 hour`

### Enhancements

There are a number of ways to improve your Hubot's StrongDM integration. Here are a few examples:

1. Ensure the datasource/server requested actually exists by having the bot run `sdm admin datasources list -j` which will output a JSON-formatted list of datasources, and `sdm admin servers list -j` for SSH/RDP.
2. Add additional sanitization and error checking.
3. Ensure (through your own systems) that the requester is authorized to perform temporary grants of this nature.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.strongdm.com/admin/deployment/scenarios/hubot-chatbot.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.