Policy Rules
The Devii Portal further facilitates tenancy access by utilizing policy rules. These rules consist of three components: the rule scope, which determines to which subjects and objects the rule applies; a set of capabilities for which the rule is relevant; and a filter expression, which is applied to queries and mutations during execution. Not all of these components are always required: a rule must always have a set of capabilities, and at least a set of targets in its scopes, but rules may provide scopes with no filter, or scopes with no roles or role classes specified.
To view, add, edit or delete policy rules, click on the "Policy" button on the left side of the Portal.
The first time you click on the button, the policy rules card will be blank because no rules have been created yet.
Add Policy Rule
To add a new policy rule, click on the plus button on the upper right side of the policy card. A new Add Policy Rule card will appear on the screen.
Field descriptions for Policy Rules
Description - a short description of the rule you are creating.
Logic - a boolean value. If true, this rule has no role or class scopes, and access to the targets is granted to all roles.
Role Classes - a drop-down menu of the role classes that have been created for this tenancy.
Roles - a drop-down menu of the roles that have been created for this tenancy.
Operations - a drop-down menu of the operations that this policy will grant: upload, update, select, insert, download and delete.
Targets - a drop-down menu of all the tables.
Filters - filters that are applied to queries and mutations to modify which rows are returned or acted upon.
To learn more about policy rules, click on the link "Expression language documentation" in the bottom right of the Add Policy Rule card, or visit the Policy-Based Access Control page for in-depth information.
Policy Rule Examples
The rule "Rule Demo" allows members of the Demo admin class to view, edit, delete, upload and download all of the tables included in the "Targets".
The rule "demo rule" allows all members of the role class "Demo Class" to select and update database records in the table "films", limited to the rows whose "roleid" column corresponds to their role id.
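The following sketch is an added example, not Devii's code or its expression language. It models the two rules above to show how scope, operations and filter combine, and which rules deserve a second look in review. The `Rule` class, the Python callable standing in for a filter expression, the sample "films" rows and the use of "films" as the target of "Rule Demo" are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Operations offered in the Add Policy Rule card.
OPERATIONS = {"upload", "update", "select", "insert", "download", "delete"}

@dataclass
class Rule:
    """Hypothetical in-memory form of a policy rule (not Devii's schema)."""
    description: str
    operations: set
    targets: set
    roles: set = field(default_factory=set)
    role_classes: set = field(default_factory=set)
    # Stand-in for a filter expression: callable(row, role_id) -> bool.
    row_filter: Optional[Callable] = None

    def errors(self):
        """Operations and targets are mandatory; roles, classes and filter are not."""
        found = []
        if not self.operations or self.operations - OPERATIONS:
            found.append("operations missing or unknown")
        if not self.targets:
            found.append("targets missing")
        return found

    def in_scope(self, role_id, classes):
        if not self.roles and not self.role_classes:
            return True  # no role or class scope: granted to all roles
        return role_id in self.roles or bool(self.role_classes & set(classes))

    def rows_for(self, role_id, classes, operation, table, rows):
        """Rows of `table` this rule lets the role act on with `operation`."""
        if self.errors() or operation not in self.operations or table not in self.targets:
            return []
        if not self.in_scope(role_id, classes):
            return []
        return [r for r in rows if self.row_filter is None or self.row_filter(r, role_id)]

def review_flags(rule):
    """Points worth a second look when reviewing a tenancy's rules."""
    flags = []
    if not rule.roles and not rule.role_classes:
        flags.append("applies to all roles")
    if rule.row_filter is None and rule.operations & {"update", "insert", "delete"}:
        flags.append("write operations with no row filter")
    return flags

# Constructed sample data modelled on the two example rules on this page.
FILMS = [{"title": "A", "roleid": 7}, {"title": "B", "roleid": 9}]
DEMO_RULE = Rule("demo rule", {"select", "update"}, {"films"},
                 role_classes={"Demo Class"}, row_filter=lambda row, rid: row["roleid"] == rid)
RULE_DEMO = Rule("Rule Demo", {"select", "update", "delete", "upload", "download"},
                 {"films"}, role_classes={"Demo admin"})
```
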
Edit Policy Rule
To edit or delete a policy rule, click on the vertical ellipsis next to the rule, then click on the edit button to edit the policy rule or on the delete button to delete it.
After clicking on "Edit Policy Rule", you can edit any of the policy fields. After you save your changes, a success message will appear in the bottom left of the Portal.
To delete a rule, click on "Delete Policy Rule" and a confirmation window will pop up. If you still wish to delete the rule, click on the red "Delete" button.