Request Access

Last modified on January 4, 2024

An access request can be made for a resource that is assigned to a workflow in your StrongDM organization. For more details on how workflows are created and managed, see the Workflows page.

The Request Access page in the Admin UI has two tabs, Catalog and Requests. The Catalog is a listing of resources that are available to request. The Requests tab shows a list of your requests as well as any that you are eligible to approve.

Catalog

List of Available Resources That Can Be Requested
List of Available Resources That Can Be Requested

The Catalog tab contains a tabulated list of all of the resources that the user can request to access. These resources are made available via workflows that have a role(s) selected to allow all users with that role(s) to request access.

With the Catalog tab, your users can look for resources that they need, and request access to them from the Admin UI. Of particular use for organizations with large numbers of resources, the list is also searchable and has filters available to narrow down results by the values of the same fields shown in the list of resources. The list contains the following fields:

FieldDescription
AccessCurrent status of your access to this resource
AuthenticationType of authentication used for this resource (leased credential or Remote Identity)
HealthWhether the healthcheck for the resource is successful or not
NameResource name
TagsAny tags attached to this resource
TypeResource type

Access field values

The Access field in the Catalog table can have the following values:

ValueDescription
AvailableAvailable to request
Granted by roleAvailable to request, but already granted by a role
Granted by temporary accessAvalable to request, but already granted by a temporary access grant or approved access request
PendingRequest pending review

Make a request

From the resource catalog, you may request access to any available resource. You may make a request for as many resources as you need, but each request can be for one specified resource only.

Request Access Modal Form
Request Access Modal Form

Once you click the button to request access, you are asked some questions about the access you require. You can set the time zone of the request to avoid miscommunication around timing, and then choose the date and time that you desire access to start and end. A helpful date picker as well as a shortcut box for common times makes the request process even faster.

The question Why do you need access? is a critical one, as in some cases it may be the only thing that provides context to the individual who is approving the request. Depending on the request in question and the policies of your organization, an answer here without relevant details may result in a denied request.

Lastly, you can review your request in text format to make sure that you have requested the correct resource for the correct times.

Requests

List of Access Requests You Made or Can Approve
List of Access Requests You Made or Can Approve

The Requests tab contains a tabulated list of all recent access requests that have been made in this organization. Users viewing the Requests tab are able to see the list of every request for which they are a valid approver, as well as requests that they initiated themselves.

FieldDescription
Access DetailsTime and date that the request was terminated, and the type of termination
Request StatusExplanation of the current state of the request
RequestedName of the resource being requested
RequesterName of the requester
SubmittedTime and date the request was submitted

Request Status values

The Request Status field gives a value that explains the current state of the request.

ValueDescription
ApprovedRequest previously approved
CanceledResults when requested resource is removed from the workflow
DeniedRequest previously denied
PendingRequest yet to be reviewed
Timed outResults when requested end date for the pending request passes without being approved or denied

Access Details values

The Access Details field gives a value that indicates the time and the date that the request time window ended or will end, and the reason for the expiry.

ValueDescription
Active until…Previously approved request with current access granted
Expired on…Previously approved request whose requested time window has elapsed
Requested until…No approval or denial response yet
Revoked on…Previously approved access that was revoked before the requested time window had elapsed
Top