Skip to main content

Policy Rules

The Devii Portal further facilitates tenancy access by utilizing policy rules. These rules consist of three components: the rule scope, which determines to which subjects and objects the rule applies; a set of capabilities for which the rule is relevant; and a filter expression, which is applied to queries and mutations during execution. Not all of these components are always required: a rule must always have a set of capabilities, and at least a set of targets in its scopes, but rules may provide scopes with no filter, or scopes with no roles or role classes specified

To view, add, edit or delete policy rules click on the "Policy" button on the left side of the Portal.

The first time you click on the button the policy rules card will be blank as there are no rules created.

Policy Rules No Rules

Add Policy Rule

To add a new policy rule click on the plus button on the upper right side of the policy card and a new Add Policy Rule card will appear on the screen.

Database Details

Field descriptions for Policy Rules

  • Description - a short description of the the rule you are creating

  • Logic - This is a boolean value, if true, this rule has no role or class scopes, and access to the targets is granted to all roles.

  • Role Classes - A drop down menu of the role classes that have been created for this tennancy.

  • Roles - a drop down menu of roles that have been created for this tennancy.

  • Operations - a drop down menu consiting of upload, update, select, insert, download and delete that this policy will grant.

  • Targets - a drop down menu of all the tables

  • Filters - filters that are applied to queries and mutations, to modify which rows are returned or acted upon. To learn more about policy rules please click on the link "Expression language documentation" in the botton right of the Add Poliy Rule card or vist Policy-Based Access Control page for indepth information.

Policy Rule Examples

The rule "Rule Demo" allows members of the Demo admin class view, edit, delete, upload and download all of the tables included in the "Targets".

New Policy Rule

The rule, "demo rule" allows all members in the role class "Demo Class" to select and update database records of the rows that correspond to their role id in the table "films" and column "roleid".

New Policy Rule

Edit Policy Rule

To edit or delete a policy rule click on the vertical ellipsis next to the rule and click on the edit button to edit the policy rule or delete if you wish to delete the policy rule.

Edit Policy Menu

After clicking on "Edit Policy Rule", you can edit any of the policy fields, after saving your changes a success message will appear in the botton left of the Portal.

Database Details

To delete a rule click on the "Delete Policy Rule" and a confirmation window will pop up, if you still wish to delete the rule, click on the red "Delete" button.

Policy Delete Button