Access Requests

Last modified on May 19, 2023

The Request Access page in the Admin UI has two tabs, Catalog and Requests.


List of Available Resources That Can Be Requested
List of Available Resources That Can Be Requested

The Catalog tab contains a tabulated list of all of the resources that the user can request to access. These resources are made available via workflows that have a role(s) selected to allow all users with that role(s) to request access.

With the Catalog tab, your users can look for resources that they need, and request access to them from the Admin UI. Of particular use for organizations with large numbers of resources, the list is also searchable and has filters available to narrow down results by the values of the same fields shown in the list of resources. The list contains the following fields:

AccessCurrent status of your access to this resource
AuthenticationType of authentication used for this resource (leased credential or Remote Identity)
HealthWhether the healthcheck for the resource is successful or not
NameResource name
TagsAny tags attached to this resource
TypeResource type

Access field values

The Access field in the Catalog table can have the following values:

  • Available: The resource has been made available for requesting access.
  • Granted by role: A resource is made available for requesting access, but the user already has access because of a role.
  • Granted by temporary access: A resource is made available for requesting access, but the user already has access because of a temporary access grant or a previous (successful) access request.
  • Pending: The resource has been requested.

Make a request

From the resource catalog, you may request access to any available resource.

Request Access Modal Form
Request Access Modal Form

Once you click the button to request access, you are asked some questions about the access you require. You can set the time zone of the request to avoid miscommunication around timing, and then choose the date and time that you desire access to start and end. A helpful date picker as well as a shortcut box for common times makes the request process even faster.

The question Why do you need access? is a critical one, as in some cases it may be the only thing that provides context to the individual who is approving the request. Depending on the request in question and the policies of your organization, an answer here without relevant details may result in a denied request.

Lastly, you can review your request in text format to make sure that you have requested the correct resource for the correct times.


List of Access Requests You Made or Can Approve
List of Access Requests You Made or Can Approve

The Requests tab contains a tabulated list of all recent access requests that have been made in this organization. Users viewing the Requests tab are able to see the list of every request for which they are a valid approver, as well as requests that they initiated themselves.

Access DetailsTime and date that the request was terminated, and the type of termination
Request StatusExplanation of the current state of the request
RequestedName of the resource being requested
RequesterName of the requester
SubmittedTime and date the request was submitted

Request Status values

The Request Status field gives a value that explains the current state of the request.

  • Approved: The request was approved.
  • Canceled: When a resource is unassigned from a workflow, any pending requests are automatically canceled.
  • Denied: The request was denied.
  • Pending: The request is pending review.
  • Timed out: A consequence of inaction. If the access end date for the pending request passes without being approved or denied, then the request times out.

Access Details values

The Access Details field gives a value that indicates the time and the date that the request time window ended or will end, and the reason for the expiry.

  • Active until…: This request was approved and the user currently has access.
  • Expired on…: This request was approved, but the requested time window has elapsed.
  • Requested until…: This request is open and has no response yet.
  • Revoked on…: This request was approved; however, an approver revoked the user’s access before the request expired.

As an approver, you can see more details (such as role information about the user) and respond to the request, as in the example shown.

Request Details Modal View
Request Details Modal View

The Request Details modal shows the requester’s name, the name of the resource they intend to access, the requested time frame, and their own explanation of why they need access. You can approve or deny the request as well as provide a note to the requester. You can click Show more to see details about the user and the resource in question to provide context around who the user is and what the user is requesting to access.

Once a request has been approved or denied, an email is sent to the requester letting them know that the request has been finalized.

At any time, an approver can look at any previously granted request and revoke the access early where necessary or appropriate.

Access requests can be made for resources that are assigned to workflows in StrongDM. For more details on how workflows are created and managed, see the Workflows page.