Create and manage policies

Policies define a set of allowed actions. After a policy is defined, it's assigned to one or more roles, which gives users with those roles the corresponding privileges.

Create a policy

Create a new policy by defining the policy settings in a JSON string or file.

In the following policy example, read (get) access is allowed on all Chef Courier routes (/courier/*).

chef-platform-auth-cli authz policy create-policy --body '{
    "version": "1.0",
    "name": "courier-tracker",
    "description": "Allows read access to read data from the courier jobs",
    "statements": [
    {
      "action": "Allow",
      "routes": [
        "/courier/*"
      ],
      "verbs": [
        "get"
      ]
    }
    ]
}' --profile <PROFILE_NAME>

Replace <PROFILE_NAME> with the profile associated with the organization you are querying.

The response is similar to the following:

{
  "item": {
    "id": "e12acd8a-da0c-4fee-bd9b-f31c9c280271",
    "definedBy": "user",
    "version": "1.0",
    "name": "courier-tracker",
    "description": "Allows read access to read data from the courier jobs",
    "status": "enabled",
    "statements": [
      {
        "action": "Allow",
        "routes": [
          "/courier/*"
        ],
        "verbs": [
          "get"
        ]
      }
    ]
  }
}
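
Because a policy grants privileges to every user holding a role it is assigned to, it is worth reviewing the body before it goes to create-policy. The following is an added example, not part of chef-platform-auth-cli or the Chef documentation: it lints a policy body of the shape shown above (version, name, description, statements with action, routes and verbs) and dry-runs a few sample requests against it. The route-matching rule used here (shell-style wildcards via fnmatch) and the verb vocabulary (get plus post, put, patch, delete) are assumptions for local review only; the page does not describe how the service itself matches routes.

```python
"""Pre-flight review of a policy body before passing it to
`chef-platform-auth-cli authz policy create-policy --body ...`.

Added example, not part of Chef's tooling. ASSUMPTIONS: shell-style wildcard
route matching (fnmatch) and the verb vocabulary below; the service's real
matching rules are not described on the page this accompanies.
"""
import fnmatch
import json

# Constructed copy of the page's example policy body.
COURIER_TRACKER = json.loads("""{
    "version": "1.0",
    "name": "courier-tracker",
    "description": "Allows read access to read data from the courier jobs",
    "statements": [
    {
      "action": "Allow",
      "routes": ["/courier/*"],
      "verbs": ["get"]
    }
    ]
}""")

WRITE_VERBS = {"post", "put", "patch", "delete"}   # assumed verb vocabulary
KNOWN_VERBS = {"get"} | WRITE_VERBS


def lint_policy(policy: dict) -> list[str]:
    """Return human-readable review findings; an empty list means nothing to flag."""
    findings = []
    for key in ("version", "name", "description", "statements"):
        if key not in policy:
            findings.append(f"missing top-level key: {key}")
    statements = policy.get("statements") or []
    if not statements:
        findings.append("policy has no statements and grants nothing")
    for i, st in enumerate(statements):
        where = f"statements[{i}]"
        # "Allow" is the only action value the page shows; anything else needs a look.
        if st.get("action") != "Allow":
            findings.append(f"{where}: action {st.get('action')!r} is not 'Allow'; review before submitting")
        for route in st.get("routes", []):
            if not route.startswith("/"):
                findings.append(f"{where}: route {route!r} does not start with '/'")
            elif route.rstrip("*") == "/":
                findings.append(f"{where}: route {route!r} is too broad; it matches every route")
        for verb in st.get("verbs", []):
            v = verb.lower()
            if v not in KNOWN_VERBS:
                findings.append(f"{where}: unknown verb {verb!r}")
            elif v in WRITE_VERBS:
                findings.append(f"{where}: verb {verb!r} grants write access; confirm this is intended")
    return findings


def is_allowed(policy: dict, verb: str, route: str) -> bool:
    """Dry run: does any Allow statement cover (verb, route)? Wildcard semantics are assumed."""
    verb = verb.lower()
    for st in policy.get("statements", []):
        if st.get("action") != "Allow":
            continue
        verbs = {v.lower() for v in st.get("verbs", [])}
        if verb in verbs and any(fnmatch.fnmatchcase(route, pat) for pat in st.get("routes", [])):
            return True
    return False


def effective_grants(policy: dict, probes: list[tuple[str, str]]) -> dict[str, bool]:
    """Tabulate which (verb, route) probes the policy would allow."""
    return {f"{verb.upper()} {route}": is_allowed(policy, verb, route) for verb, route in probes}


if __name__ == "__main__":
    print("lint:", lint_policy(COURIER_TRACKER) or "clean")
    probes = [("get", "/courier/jobs"), ("post", "/courier/jobs"), ("get", "/infra/nodes")]
    for probe, allowed in effective_grants(COURIER_TRACKER, probes).items():
        print(f"{'ALLOW' if allowed else 'deny '} {probe}")
```

Run the lint on the exact JSON you intend to pass to --body; a finding about a write verb or a catch-all route is the point at which to narrow the statement rather than widen the role.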

List roles

You can list user-defined roles for an organization.

  • To list user-defined roles, use the authz role find-role subcommand:

    chef-platform-auth-cli authz role find-role --definedBy user --profile <PROFILE_NAME>
    

Assign a policy to a role

You can assign policies to a role.

  • To assign a policy to a role, use the authz role assign-policy subcommand:

    chef-platform-auth-cli authz role assign-policy --roleId <ROLE_ID> --body '{"policyId": "<POLICY_ID>"}' --profile <PROFILE_NAME>
    

    Replace:

    • <PROFILE_NAME> with the profile associated with the organization you are querying.
    • <ROLE_ID> with the ID of the role.
    • <POLICY_ID> with the ID of the policy to be assigned to the role.

    The response is similar to the following:

    {
      "item": {
        "id": "c2933b24-16a5-4c1b-940f-51e29b8875ad",
        "level": "org",
        "definedBy": "user",
        "meantFor": "user",
        "version": "1.0",
        "name": "courier-tracker",
        "status": "enabled",
        "description": "Allows read access to read data from the courier jobs"
      }
    }
    

Get a list of policies associated with a role

You can get a list of all policies associated with a role using the role ID.

  • To get a list of all policies, use the authz role list-policies subcommand:

    chef-platform-auth-cli authz role list-policies --roleId <ROLE_ID> --profile <PROFILE_NAME>
    

    Replace:

    • <PROFILE_NAME> with the profile associated with the organization you are querying.
    • <ROLE_ID> with the ID of the role.

    The response is similar to the following:

    {
      "items": [
        {
          "id": "c2933b24-16a5-4c1b-940f-51e29b8875ad",
          "definedBy": "user",
          "version": "1.0",
          "name": "courier-tracker",
          "status": "enabled",
          "description": "Allows read access to read data from the courier jobs"
        }
      ]
    }
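
The four steps above (create the policy, find the role, assign the policy, list the role's policies) are usually run together, and the final list is what confirms the assignment actually took effect. The following is an added example, not part of Chef's tooling: it chains the CLI invocations shown on this page through subprocess and keeps the JSON handling in small functions that can be checked against the page's sample responses. Assumptions: chef-platform-auth-cli is on PATH and prints JSON to stdout as shown above; the find-role response has the same {"items": [...]} shape as list-policies, with "id" and "name" fields (the page does not show that response); the role name and role ID in the sample data are constructed placeholders.

```python
"""Create a policy, assign it to a role, and verify the assignment with the
CLI commands shown on the page. Added example, not Chef's own tooling.

ASSUMPTIONS: the CLI is on PATH and prints JSON to stdout; the find-role
response is {"items": [{"id": ..., "name": ...}, ...]} (not shown on the page).
"""
import json
import subprocess

CLI = "chef-platform-auth-cli"

# Constructed sample responses, copied from the page where the page shows them.
SAMPLE_CREATE_RESPONSE = {"item": {"id": "e12acd8a-da0c-4fee-bd9b-f31c9c280271",
                                   "name": "courier-tracker", "status": "enabled"}}
SAMPLE_LIST_POLICIES_RESPONSE = {"items": [{"id": "c2933b24-16a5-4c1b-940f-51e29b8875ad",
                                            "name": "courier-tracker", "status": "enabled"}]}
# find-role shape is assumed; the role name and id below are constructed placeholders.
SAMPLE_FIND_ROLE_RESPONSE = {"items": [{"id": "00000000-0000-4000-8000-000000000001",
                                        "name": "courier-operators"}]}


def run_cli(*args: str, profile: str) -> dict:
    """Run the CLI with --profile appended and parse its JSON stdout; raise on non-zero exit."""
    cmd = [CLI, *args, "--profile", profile]
    completed = subprocess.run(cmd, capture_output=True, text=True, check=True)
    return json.loads(completed.stdout)


def policy_id_from_response(resp: dict) -> str:
    """Extract item.id from a create-policy response."""
    return resp["item"]["id"]


def find_role_ids(find_role_resp: dict, role_name: str) -> list[str]:
    """All role IDs whose name matches; an ID is only usable if exactly one matches."""
    return [r["id"] for r in find_role_resp.get("items", []) if r.get("name") == role_name]


def role_id_by_name(find_role_resp: dict, role_name: str) -> str:
    ids = find_role_ids(find_role_resp, role_name)
    if len(ids) != 1:
        raise LookupError(f"expected exactly one role named {role_name!r}, found {len(ids)}")
    return ids[0]


def policy_attached(list_policies_resp: dict, policy_id: str) -> bool:
    """True if a list-policies response for the role contains the policy ID."""
    return any(p.get("id") == policy_id for p in list_policies_resp.get("items", []))


def create_and_assign(policy_body: dict, role_name: str, profile: str) -> str:
    """Run the page's procedure end to end and return the new policy ID.

    Fails loudly if the role is ambiguous or the policy is not listed afterwards,
    so a silent partial assignment cannot pass unnoticed.
    """
    created = run_cli("authz", "policy", "create-policy", "--body", json.dumps(policy_body),
                      profile=profile)
    policy_id = policy_id_from_response(created)
    roles = run_cli("authz", "role", "find-role", "--definedBy", "user", profile=profile)
    role_id = role_id_by_name(roles, role_name)
    run_cli("authz", "role", "assign-policy", "--roleId", role_id,
            "--body", json.dumps({"policyId": policy_id}), profile=profile)
    listed = run_cli("authz", "role", "list-policies", "--roleId", role_id, profile=profile)
    if not policy_attached(listed, policy_id):
        raise RuntimeError(f"policy {policy_id} not listed on role {role_id} after assignment")
    return policy_id


if __name__ == "__main__":
    import sys
    # usage: python assign_policy.py policy.json <ROLE_NAME> <PROFILE_NAME>
    body = json.load(open(sys.argv[1]))
    print(create_and_assign(body, sys.argv[2], sys.argv[3]))
```

The verification step matters most when the script is run unattended: assign-policy returning successfully is not the same as the policy appearing in the role's list-policies output, and the latter is what governs what role holders can do.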
    
