Skip to main content
Version: v4.14

Show a repository in the Access Portal

Help users find and connect to repositories

The Cyral Access Portal helps data users find and connect to databases. You can make a repository visible for your users in the Access Portal with these steps:

  1. Choose the Access Gateway:

    • Click Data Repos ➡️ click your repo's name ➡️ Advanced

    • Set the Access Gateway to the name of the Cyral sidecar that will give users access.

      note

      Even with only one sidecar present, you must select the sidecar's name. If your repository is bound to more than one sidecar, choose one.

  2. Map the SSO users and groups who will use the repository. For a given user to see a repository in the Access Portal:

tip

If your users will connect to S3 through the Cyral S3 File Browser, see Enable the S3 File Browser

tip

If your team uses a large number of repositories, you can add tags to make a repository more visible in the Access Portal.

Let users request access to repositories

The Cyral Access Portal lets data users request access to a database. You can make a repository requestable in the Access Portal with these steps:

  1. Set the identity provider for the repository. (Data Repository ➡️ Advanced ➡️ Authentication ➡️ Identity Provider). Only users who SSO-authenticate via this identity provider will see the repository as requestable.

  2. Track at least one local account in Cyral to provide access to the repository.

  3. Find the Cyral sidecar associated with the repository. Make sure Passthrough Mode is turned OFF.

  4. Add a Slack Alerting Integration with a name beginning with the string Access Requests:

  5. Designate admins who will approve and reject access requests, and have them subscribe to the Slack channel. They'll receive an alert when a user requests access.

You can directly link to the Request Access form through a URL, allowing you to share it with users who need to request access to a repository.

The URL to access the Request Access form is:

https://<your portal URL>/app/access-portal/request-access

In addition, you are able to pre-populate the form by adding any of the following query parameters to the URL:

  • repositoryType: The type of the repository. This must be one of the valid repository types that we support:
    • redshift, s3, denodo, dremio, dynamodb, dynamodbstreams, galera, mariadb, mongodb, mysql, oracle, postgresql, & sqlserver
  • repositoryName: The name of the repository
  • databaseAccount: The name of the database account on the repository
  • validUntil: The datetime the approval request will be valid until. This should be an ISO8601 formatted datetime string.
  • reason: The reason the user is requesting access to the repository. This should be a percent-encoded string.

All of these query parameters are optional. You may specify as many or as few as you like.

Here's an example of a URL with some of the query parameters specified:

https://<your portal URL>/app/access-portal/request-access?repositoryName=cyral-repo&databaseAccount=admin
info

You can also set up Cyral's app in Slack so that your users can request database access, just by chatting with the Cyral bot.

Next steps