# Leases

Leases are time-bound grants of access tied to a device (or system) and a role.

Rules:

- A lease has an expiry.
- A lease is revocable.
- Every lease has a recorded grant and a recorded revoke/rotate event.

Use `20-identity/templates/lease.md` for new leases.