Create an access policy
Introduction
Access policies control the circumstances in which tokens can be exchanged for the raw data. Practically, access policies are functions that receive contextual data and return true or false according to whether access is allowed or denied. For more info, see Access Policies Definition.
Policy templates are parametrizable functions that, once parametrized, become access policies. For example, you may have a template IsRole(role) that accepts a parameter, role, to create policies like IsRoleEngineer, IsRoleAdmin and IsRoleMember.
New access policies can be created by writing a new policy or template from scratch, composing existing policies with AND / OR logic, or both.
Access policies and templates are managed from the Policies page in UserClouds Console.
Creating Policy Templates in the UI
Policy templates are functions that accept parameters; supplying those parameters turns a template into an access policy. To create a policy template, go to the Policies page and click Create Policy Template.
1 Create your access policy template
Specify a name, a description and a JavaScript function for your policy. The JavaScript function may optionally accept parameters, which you can test below.
2 Test and save your policy template
Use the "Test Your Draft" card at the bottom of the page to test your policy template. You can add test parameters to simulate turning the policy template into an access policy, and then test that access policy with test context. The interface will show the result of your test as "Access Allowed" or "Access Denied".
Creating Access Policies in the UI
1 Open the Create Access Policy Page
To create a new access policy, click "Create Policy" from the Policies page, accessible from the sidebar of UserClouds Console. You can create the new policy by writing a new policy or template from scratch in this interface, by composing existing policies with AND / OR logic, or both.
2 Set your access policy name and description
Next, add a name and a description for your policy.
3 Compose your policy
Next, compose the policy from one or more policies and templates in the "Compose Policy" card.
Use the dropdowns and "Add policy" button to add policies or templates to your composition. When you add a template, set the parameters in the adjacent text input to turn the template into a policy. When you add a policy, the "Parameters" input will be disabled, since policy instances are already parametrized.
If you want to add a brand new policy, you can click "Create New Policy Template" and write a new template from scratch, then parametrize it.
Once you have added two policies, choose a logical conjunction (AND or OR) for your composition.
To simulate groups / parentheses, create policies for each group, then combine them in a separate policy. This approach allows you to
4 Test and save your new policy
Finally, test your policy with different contexts in the "Test Your Draft" card. The interface will show the result of your test as "Access Allowed" or "Access Denied".
Nice job! You created an access policy.
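The template, composition and grouping steps above, modelled locally in JavaScript so the allow/deny logic can be checked before it is entered in the Console. This is an added example, not UserClouds code: the (context, params) signature, the context fields (user.role, client.purpose), the purposeIn template and all helper names are assumptions made for illustration.

```javascript
// Added illustration; the (context, params) signature and context fields are assumptions.

// Template: a parametrizable function. Fails closed on missing context.
function isRole(context, params) {
  const role = context && context.user && context.user.role;
  return typeof role === "string" && role === params.role;
}

// Hypothetical second template: caller's purpose must be on an allow-list.
function purposeIn(context, params) {
  const purpose = context && context.client && context.client.purpose;
  return Array.isArray(params.allowed) && params.allowed.includes(purpose);
}

// Parametrizing a template yields a policy: context -> boolean.
// Anything other than a literal `true` (including a thrown error) denies.
function parametrize(template, params) {
  return (context) => {
    try { return template(context, params) === true; }
    catch (e) { return false; }
  };
}

// Composition takes already-parametrized policies and one connective.
// An empty or malformed composition denies rather than allowing by default.
function compose(op, policies) {
  if (policies.length === 0 || (op !== "AND" && op !== "OR")) return () => false;
  return (context) => op === "AND"
    ? policies.every((p) => p(context))
    : policies.some((p) => p(context));
}

const isRoleEngineer = parametrize(isRole, { role: "engineer" });
const isRoleAdmin = parametrize(isRole, { role: "admin" });
const supportPurpose = parametrize(purposeIn, { allowed: ["support", "fraud"] });
// (engineer AND support-purpose) OR admin: the parenthesised group is its own policy.
const engineerOnSupport = compose("AND", [isRoleEngineer, supportPurpose]);
const canResolveToken = compose("OR", [engineerOnSupport, isRoleAdmin]);

// Constructed test contexts, like those entered in the "Test Your Draft" card.
function runDraftTests() {
  return [
    { user: { role: "engineer" }, client: { purpose: "support" } },
    { user: { role: "engineer" }, client: { purpose: "marketing" } },
    { user: { role: "admin" }, client: {} },
    {},
  ].map((ctx) => (canResolveToken(ctx) ? "Access Allowed" : "Access Denied"));
}
```

The empty context in the last test case is the one worth keeping in any test set: a policy that allows when context is missing resolves tokens for callers it knows nothing about.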
Updated 5 months ago