Request Access
Last modified on April 9, 2024
This feature is part of the Enterprise bundle. If it is not enabled for your organization, please contact StrongDM at the StrongDM Help Center.
An access request can be made for a resource that is assigned to a workflow in your StrongDM organization. For more details on how workflows are created and managed, see the Workflows page.
The Request Access page in the Admin UI has two tabs, Catalog and Requests. The Catalog is a listing of resources that are available to request. The Requests tab shows a list of your requests as well as any that you are eligible to approve.
Catalog
The Catalog tab contains a tabulated list of all of the resources that the user can request to access. These resources are made available via workflows that have a role(s) selected to allow all users with that role(s) to request access.
With the Catalog tab, your users can look for resources that they need, and request access to them from the Admin UI. Of particular use for organizations with large numbers of resources, the list is also searchable and has filters available to narrow down results by the values of the same fields shown in the list of resources. The list contains the following fields:
| Field | Description |
|---|---|
| Access | Current status of your access to this resource |
| Authentication | Type of authentication used for this resource (leased credential or Identity Alias) |
| Health | Whether the healthcheck for the resource is successful or not |
| Name | Resource name |
| Tags | Any tags attached to this resource |
| Type | Resource type |
Access field values
The Access field in the Catalog table can have the following values:
| Value | Description |
|---|---|
| Available | Available to request |
| Granted by role | Available to request, but already granted by a role |
| Granted by temporary access | Avalable to request, but already granted by a temporary access grant or approved access request |
| Pending | Request pending review |
Make a request
From the resource catalog, you may request access to any available resource. You may make a request for as many resources as you need, but each request can be for one specified resource only.
Once you click the button to request access, you are asked some questions about the access you require. You can set the time zone of the request to avoid miscommunication around timing, and then choose the date and time that you desire access to start and end. A helpful date picker as well as a shortcut box for common times makes the request process even faster.
The question Why do you need access? is a critical one, as in some cases it may be the only thing that provides context to the individual who is approving the request. Depending on the request in question and the policies of your organization, an answer here without relevant details may result in a denied request.
Lastly, you can review your request in text format to make sure that you have requested the correct resource for the correct times.
Requests
The Requests tab contains a tabulated list of all recent access requests that have been made in this organization. Users viewing the Requests tab are able to see the list of every request for which they are a valid approver, as well as requests that they initiated themselves.
| Field | Description |
|---|---|
| Access Details | Time and date that the request was terminated, and the type of termination |
| Request Status | Explanation of the current state of the request |
| Requested | Name of the resource being requested |
| Requester | Name of the requester |
| Submitted | Time and date the request was submitted |
Request Status values
The Request Status field gives a value that explains the current state of the request.
| Value | Description |
|---|---|
| Approved | Request previously approved |
| Canceled | Results when requested resource is removed from the workflow |
| Denied | Request previously denied |
| Pending | Request yet to be reviewed |
| Timed out | Results when requested end date for the pending request passes without being approved or denied |
Access Details values
The Access Details field gives a value that indicates the time and the date that the request time window ended or will end, and the reason for the expiry.
| Value | Description |
|---|---|
| Active until… | Previously approved request with current access granted |
| Expired on… | Previously approved request whose requested time window has elapsed |
| Requested until… | No approval or denial response yet |
| Revoked on… | Previously approved access that was revoked before the requested time window had elapsed |