Why is my policy not updating when I commit policy changes in Github?

  1. Cyral's app for Github monitors your default policy branch in Github, and it automatically updates your active Cyral policies when you commit changes to that branch. If you've made a commit and your policy fails to update, you can troubleshoot by checking the following:


  1. When merging your policy changes, make sure you’re merging into the default branch of the repo. When you commit a policy change to the default branch, the Cyral Github app checks it (lints it) and applies the new policy if the checks pass. When you commit a policy change to a non-default branch, the Cyral Github app performs the checks but does not apply the policy.
  2. Make sure the private key of your Cyral Github app has not changed. Upon first setting up your Github app, you will have sent this key to Cyral so that we can add it to your application integration. When this key changes, you must send us the new key so we can update it.
  3. In the meta block of your policy, make sure the name has not changed.
  4. In your Cyral data map, make sure you follow all exclusivity limits when creating and using each LABEL. If your data maps and policies violate any of these limits, the policy update will fail. These limits prevent users from writing conflicting rules about the same data:
    • Each LABEL must be defined in only one data map.
    • A LABEL can refer to one or many attributes (for example, tables, fields, or columns) in one or many repositories.
    • A given repository location (a table, collection, field, or column) must be included in only one LABEL.
    • Each LABEL must be used in only one policy. You may use the LABEL in one or many rules in the policy.


For more information, see

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.