Skip to main content
Version: v4.11


  • access type - Access types are categories of action a user or application can take on a data platform, database, schema, or data. The main types are:

    • DQL: Data Query Language. Examples: SELECT.
    • DML: Data Modification Language. Examples: INSERT, UPDATE, DELETE.
    • DDL: Data Definition Language. Examples: CREATE, DROP.
    • DCL: Data Control Language. Examples: GRANT, REVOKE.
  • datamap - The Cyral datamap is a mapping you create to establish simple names for the data fields you protect. Your policies contain the simple names only and rely on the datamap to identify the actual columns or fields. One simple name may map to multiple fields or columns in multiple data sources.

  • identity - An identity is any user, app, or other actor who uses or manages a data repository. Cyral counts identities for licensing and pricing. We count your user identities in one of two ways, depending on how you use the product:

    • If you connect Cyral to your identity provider (such as Okta or G Suite) and use Cyral for access management, then Cyral counts the number of distinct, active users across SSO groups that are mapped to the data repositories for access management in Cyral. An active user is any user who uses Cyral to authenticate to a repository during the monthly billing period. You may use groups in your Cyral access rules, but Cyral counts only those users who try to access a data repository during the billing period. This information is available in your Cyral management console. Applications and services are not counted as active users.

    • If you don't use Cyral for repository access management (for example, if you use Cyral for logging and alerting only), then, in each monthly billing period, Cyral counts the distinct repository users who log into the data repositories connected to Cyral. Each repository user account (for example, a PostgreSQL user account) is counted exactly once per repository per month, even if many people and applications share that user account to connect.

  • policy - A policy specifies who can perform reads, updates, and deletes in specified data schemas, tables/collections, and attributes. A given policy uses a Cyral datamap to apply its rules across multiple repositories, if desired. For example, a single policy can limit access to credit card data, even if that data lives in multiple databases, with column/field names that are unique to each database.

  • repository - In Cyral, a repository is any queryable data store that your employees and applications can read data from and/or write data to.

  • sidecar - A Cyral sidecar is an interception service that you deploy to monitor and protect a data repository. The sidecar intercepts all traffic to and from the data repository and is typically installed in the same VPC as the repository. The sidecar ensures that queries can return only results that conform to the policy.