Identify users behind tools and apps
You can use Cyral to provide service account resolution, which ensures that your data activity logs show the actual user account responsible for each query or other action in your databases.
What is service account resolution?
Many BI tools, when connecting to a data repository to execute requests on behalf of their end users, do so using a single service user account. As a result, from the data repository's perspective, all requests seem to originate from this service user. This can defeat the repository's role-based access controls since those controls apply only to the service user account, and not to the actual user of the BI tool.
To provide more visibility, BI tools use a technique called request annotation which involves passing in comments carrying additional information about the end user identity in the native language of the data repository. These comments are ignored by the data repository during request processing. However, they’re useful for activity monitoring and performance debugging, and they help with tracing requests back to the end users that generated them.
Cyral understands the syntax and grammar of annotations added by popular BI tools such as Looker and Tableau. It uses this knowledge to extract the end user’s identity from the comments accompanying each request, and adds it to the data activity logs.