Policies
A repo-level policy is a Cyral policy that you can configure and enable to control users' access to the data in the repository. A repo-level policy applies to a repository (for example, a specific database) in Cyral. In the documentation, we refer to these as "repo-level policies" to distinguish them from Cyral global policies.
For common use cases, you can use one of the available policy wizards to create a policy quickly.
Alternatively, you can create custom policies to meet your specific requirements. Custom repo-level policies are called local policies and are described in this section.
The Policy tab for a repository
The Policy tab helps you configure Cyral repo-level policies to enforce the most frequently used types of data access control. To add or manage a repo-level policy in the Cyral control plane UI, click Data Repos ➡️ your repository's name ➡️ Policies.
Available policy wizards
- Data Firewall: Ensure that sensitive data can only be read by specified individuals
- Data Masking: Hide the contents of a field in your database
- Data Protection: Guard against unwanted reads, updates, or deletions in a field in your database
- Object Protection: Guard against unauthorized creation, deletion, and modification of users and roles in your database
- Rate Limit: Implement a threshold on sensitive data reads over a period of time
- Read Limit: Prevent certain records from being read beyond a specified limit
- Repository Protection: Alert when more than a specified number of records are being updated or deleted across the repo
- Schema Protection: Prevent schema changes (creating, altering, or dropping tables and views) in a repository, except by specific identities
- Service Account Abuse: Ensure service accounts can only be used by intended applications
- Stored Procedure Governance: Control the use of stored procedures in a repository
- User Segmentation: Prevent a subset of users from reading certain data