In one aspect, just-in-time authentication is provided to assist an administrator or staff of an IT service end user to invoke a function call to a service. The just-time-authentication can provide on-the-fly authentication to the service. In another aspect, granular permissions in executing a task or tasks for a service is enabled for a given administrator or staff of an IT service end user. In some embodiments, the granular permission involves assigning permissions to users either directly or indirectly via a mediating abstraction (such as groups, roles, etc.). Still in another aspect, stateful execution of a command/function call to a service is provided. In the stateful execution, the command/function call to the service is associated with a key, which can comprise a session id, a function name, a count of function executions for current session, and hash of input parameters for the command/function call, and/or any other information.