Repo-level policies
A repo-level policy is a Cyral policy that you can configure and enable to control users' access to your data. Several predefined policy templates for common policy use cases are available, and you can quickly customize policies based on these templates to meet common policy objectives.
A repo-level policy applies to a repository (for example, a specific database) in Cyral. In the documentation, we refer to these as "repo-level policies" to distinguish them from Cyral global policies.
The Policy tab for a repository
The Policy tab helps you configure Cyral repo-level policies to enforce the most frequently used types of data access control. To add or manage a repo-level policy in the Cyral control plane UI, click Data Repos ➡️ your repository's name ➡️ Policies.
Supported policy types
- Data Masking: Hide the contents of a field in your database
- Data Protection: Guard against unwanted reads, updates, or deletions in a field in your database
- Data Firewall: Ensure that sensitive data can only be read by specified individuals
- User Segmentation: Prevent a subset of users from reading certain data
- Rate Limit: Implement threshold on sensitive data reads over a period of time
- Read Limit: Prevent certain records from being read beyond a specified limit
- Repository Protection: Alert when more than a specified number of records are being updated or deleted across the repo
- Service Account Abuse: Ensure service accounts can only be used by intended applications
See also
For more precise control over who can use your data, see the Cyral policy framework.