Permissions and Roles
When you select a Policy from the top level Policy listing, or from a Child Policy listing, you will be able to create Permissions and Roles for the selected Policy.
Manage Policy
Once you have created a Policy by name, you will want to add Permissions and Roles to the Policy and group Permissions by Roles in preparation for assigning those Permissions to users during Policy evaluation.
You can select a Policy to manage by selecting the Policy name in the list of policies, either from the top level Policy listing or from a Child Policy listing.
The Manage Policy page allows you to do the following:
Add Permissions
Add Application Roles
Assign Application Roles to Permissions
You can also select Application Roles and manage User Assignments.
Add Permission
Your Policy is typically related to a particular application, component of an application, feature area or logical resource that requires authorization. As such you will create Permissions that relate to this particular Policy so that when a user is to be evaluated for their access rights in this Policy, the relevant Permissions will be returned according to assignment.
To add a Permission, select the Add Permission link and enter a unique name for the Permission.
The new Permission will be shown in the Permissions list.
Rename Permission
If you want to rename the Permission you can do so from the list by selecting the Edit icon (the pencil).
After updating the name, press the Enter key or select the check mark icon. If you decide not to rename, select the Cancel (X) icon to cancel editing.
Delete Permission
If you want to delete a Permission from the Policy, select the Delete (garbage can) icon. You will be prompted to confirm before the action is taken.
Warning
This is a non-recoverable action that will remove all associations between this Permission and any Application Roles.
Add Application Role
Users will be assigned Permissions through Application Roles. The Application Roles themselves are not typically used for authorization, though they can be returned with the Policy evaluation result for a user. Application Roles are used to group Permissions so that when a user is assigned the Application Role they are granted those Permissions.
To add an Application Role, select the Add Role link and enter a unique name for the Role.
The new Role will be shown in the Roles list.
Rename Role
If you want to rename the Role you can do so from the list by selecting the Edit icon (the pencil).
After updating the name, press the Enter key or select the check mark icon. If you decide not to rename, select the Cancel (X) icon to cancel editing.
Delete Role
If you want to delete a Role from the Policy, select the Delete (garbage can) icon. You will be prompted to confirm before the action is taken.
Warning
This is a non-recoverable action that will remove all associations between Permissions and this Role, and remove all user assignments to this Role.
Permissions and Child Policies
After adding a Child Policy you can select it from the Child Policies listing to manage that policy.
From the Manage Policy page, you’ll see that the breadcrumb shows the policy name you are managing, in a hierarchy showing its parent policies.
If the parent policy has existing roles or permissions, those will be visible to the Child Policy but not editable since they are not owned by the Child Policy.
Child Policy Permissions
To add a Permission to the Child Policy from the Manage Policy page, select the Add Permission link.
After adding the Permission, it will be listed and editable in this policy.
You will be able to rename or delete permissions created by the Child Policy when you are managing the policy.
Child Policy Roles
To add a Role to the Child Policy from the Manage Policy page, select the Add Role link.
After adding the Role, it will be listed and editable in this policy.
You will be able to rename or delete roles created by the Child Policy when you are managing the policy.
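The relationships described on this page (Permissions grouped by Application Roles, users assigned to Roles, delete cascades, and parent items that a Child Policy can see but not edit) are sketched below as a small Python model. This is an added example, not the product's code or API: the class, its method names and the sample policy, role and user names are assumptions, and it assumes a Role groups only Permissions owned by the same policy.

```python
# Illustrative in-memory model; names are assumptions, not the product's API.
class Policy:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.permissions = set()                # permissions owned by this policy
        self.roles, self.assignments = {}, {}   # owned role -> permissions / users

    def visible_permissions(self):
        inherited = self.parent.visible_permissions() if self.parent else set()
        return inherited | self.permissions     # parents' items plus our own

    def add_permission(self, name):
        self.permissions.add(name)

    def add_role(self, name):
        self.roles[name], self.assignments[name] = set(), set()

    def grant(self, role, permission):
        if role not in self.roles or permission not in self.permissions:
            raise PermissionError("not owned by this policy")
        self.roles[role].add(permission)

    def assign_user(self, role, user):
        self.assignments[role].add(user)

    def delete_permission(self, name):
        if name not in self.permissions:        # inherited items are read-only
            raise PermissionError("not owned by this policy")
        self.permissions.remove(name)
        for grouped in self.roles.values():     # cascade: role associations
            grouped.discard(name)

    def delete_role(self, name):
        del self.roles[name], self.assignments[name]   # cascade: assignments

    def evaluate(self, user):
        roles = sorted(r for r, u in self.assignments.items() if user in u)
        perms = sorted(set().union(*(self.roles[r] for r in roles)))
        return {"roles": roles, "permissions": perms}

def demo():
    """Constructed data: a child policy under a parent that owns ViewRecords."""
    parent = Policy("Hospital")
    parent.add_permission("ViewRecords")
    child = Policy("Pharmacy", parent)
    child.add_permission("Prescribe")
    child.add_role("Pharmacist")
    child.grant("Pharmacist", "Prescribe")
    child.assign_user("Pharmacist", "alice")
    return child
```

On the policy returned by demo(), delete_permission("Prescribe") leaves alice holding the Pharmacist role with no permissions, and delete_permission("ViewRecords") raises PermissionError because the parent owns that permission. Reviewing evaluate() output for affected users before confirming a delete shows what access the cascade will remove.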