Manage Profile Policies
- The condition field used in the following APIs can be a string or a JSON object.
"condition": "{\"ipAddress\":\"0.0.0.0/8,10.10.25.15\",\"timeOfAccess\":{\"dateSchedule\":{\"fromDate\":\"2023-07-31 00:00:00\",\"toDate\":\"2023-12-15 00:00:00\",\"timezone\":\"Pacific/Honolulu\"},\"daysSchedule\":{\"fromTime\":\"01:00:00\",\"toTime\":\"23:30:00\",\"timezone\":\"Pacific/Honolulu\",\"days\":[\"MONDAY\",\"TUESDAY\",\"WEDNESDAY\",\"THURSDAY\"]}},\"approval\":{\"approvers\":{\"userIds\":[\"vaishali\"]},\"validFor\":4,\"isValidForInDays\":true,\"timeToApprove\":60,\"notificationMedium\":[\"Email Only\",\"teams-vw\",\"Slack - Arpita\"]}}"
"condition": { "approval": { "notificationMedium": "12051835-cdf3-494b-a07e-923cb945b97b", "timeToApprove": 300, "validFor": 300, "isValidForInDays": true, "approvers": { "userIds": [ "CCy1O21HXuzSNzCp8vWI" ] } } }
- notificationMedium inside the condition field can be either a string or an array.
- Only one notification medium can be specified when used as a string.
NotificationMedium as a string:
\"notificationMedium\":\"12051835-cdf3-494b-a07e-923cb945b97b\"
- Multiple notification mediums can be specified when used as an array.
NotificationMedium as an array:
\"notificationMedium\":[\"44d45a37-f28b-4e51-8eef-4d5ff9e15aa9\",\"b438ae73-2930-41d9-b736-f80e072af753\"]
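Client code that reviews policies has to accept both forms of condition and both forms of notificationMedium described in the notes above. The following Python sketch is an added example, not part of the product or its SDK: normalize_condition and summarize are hypothetical helper names, the sample values are constructed from the two condition snippets above, and splitting ipAddress on commas is an assumption based on the sample value.

```python
import copy
import json

# Constructed samples built from the two condition values shown above.
OBJECT_FORM = {"approval": {
    "notificationMedium": "12051835-cdf3-494b-a07e-923cb945b97b",
    "timeToApprove": 300, "validFor": 300, "isValidForInDays": True,
    "approvers": {"userIds": ["CCy1O21HXuzSNzCp8vWI"]}}}
STRING_FORM = json.dumps({
    "ipAddress": "0.0.0.0/8,10.10.25.15",
    "approval": {"approvers": {"userIds": ["vaishali"]}, "validFor": 4,
                 "isValidForInDays": True, "timeToApprove": 60,
                 "notificationMedium": ["Email Only", "teams-vw"]}})


def normalize_condition(condition):
    """Return the condition as a dict, whichever form it arrived in."""
    if condition in (None, ""):
        return {}                           # policy has no condition
    if isinstance(condition, str):
        condition = json.loads(condition)   # string form: decode first
    if not isinstance(condition, dict):
        raise ValueError("condition must be an object or a JSON-encoded object")
    condition = copy.deepcopy(condition)    # never mutate the caller's policy
    approval = condition.get("approval")
    if isinstance(approval, dict) and "notificationMedium" in approval:
        medium = approval["notificationMedium"]
        # A bare string means exactly one medium; always expose a list.
        approval["notificationMedium"] = [medium] if isinstance(medium, str) else list(medium)
    return condition


def summarize(policy):
    """Flatten the access controls of one policy for review (hypothetical helper)."""
    cond = normalize_condition(policy.get("condition"))
    approval = cond.get("approval") or {}
    return {
        "name": policy.get("name"),
        "ip_ranges": [p.strip() for p in cond.get("ipAddress", "").split(",") if p.strip()],
        "time_restricted": "timeOfAccess" in cond,
        "approvers": (approval.get("approvers") or {}).get("userIds", []),
        "notification_mediums": approval.get("notificationMedium", []),
    }


if __name__ == "__main__":
    for name, cond in (("object-form", OBJECT_FORM), ("string-form", STRING_FORM)):
        print(json.dumps(summarize({"name": name, "condition": cond}), indent=2))
```

A policy returned without a condition field yields empty lists, so the same summary can be run over every policy in a listing.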
1. Create a Policy for Profiles
The POST method allows you to create a new policy for a specified profile in the system.
POST | {{url}}/api/paps/{{papId}}/policies |
Request Example
An example request is shown here.
curl -X POST '{{url}}/api/paps/{{papId}}/policies' -H 'content-type: application/json' -H "Accept: application/json" -H 'Authorization: Bearer <token>' \
-d '{
"name": "ProfilePolicy_15dec",
"description": "test",
"isActive": true,
"isDraft": false,
"isReadOnly": false,
"condition": {
"timeOfAccess": {
"dateSchedule": {
"fromDate": "2022-12-18 00:30:00",
"toDate": "2022-12-20 02:30:00",
"timezone": "Europe/Paris"
},
"daysSchedule": {
"fromTime": "20:30:00",
"toTime": "21:30:00",
"timezone": "Europe/Paris",
"days": [
"SATURDAY",
"TUESDAY"
]
}
}
},
"members": {
"users": [
{
"id": "CCy1O21HXuzSNzCp8vWI"
}
]
},
"resource": "aziewhoieflmzqd4k7yf",
"consumer": "papservice",
"accessType": "Allow"
}'
Response Example
An example response is shown here:
{
"id": "48d1e514-5ca9-481a-b066-9113dd13c3c9",
"name": "ProfilePolicy_15dec",
"description": "test",
"isActive": true,
"isDraft": false,
"isReadOnly": false,
"condition": {
"timeOfAccess": {
"dateSchedule": {
"fromDate": "2022-12-18 00:30:00",
"toDate": "2022-12-20 02:30:00",
"timezone": "Europe/Paris"
},
"daysSchedule": {
"fromTime": "20:30:00",
"toTime": "21:30:00",
"timezone": "Europe/Paris",
"days": [
"SATURDAY",
"TUESDAY"
]
}
}
},
"permissions": [
{
"id": "108e50c2-4e3c-4835-9491-e6da36ddbce7",
"name": "ProfilePolicy_15dec_perm",
"consumer": "papservice",
"actions": [
"papservice.profile.access"
],
"resources": [
"$$TestApp$$$/test profile 1/*"
],
"isInline": true,
"isReadOnly": false
}
],
"members": {
"users": [
{
"id": "CCy1O21HXuzSNzCp8vWI",
"name": "jliu1"
}
]
},
"resource": "g2v8yq4vuvbx1fldhfoh",
"consumer": "papservice",
"accessType": "Allow"
}
To configure Step Up verification, add the following section under the condition:
"stepUpCondition": {
"factor": "TOTP",
"alwaysPrompt": false
}
where:
- factor: The MFA factor used for Step Up authentication.
- alwaysPrompt: Whether the user must always perform Step Up authentication to satisfy the policy's Step Up authentication condition.
2. Get Policy for Profile
The GET method returns the details of a policy for a specified profile and policy.
GET | {{url}}/api/paps/{{papId}}/policies/{{policyId}} |
Request Parameters
The request parameters used in this method are shown in the following table:
Parameter | Description | Data Type | Required |
compactResponse | The API returns fewer details in the permissions and members fields of the policy. | Boolean | Optional |
conditionJson | When TRUE, the condition is returned as JSON; otherwise, the condition is returned as a string. | Boolean | Optional |
Request Example
An example request is shown here.
curl -X GET '{{url}}/api/paps/{{papId}}/policies/{{policyId}}' -H 'Authorization: Bearer <token>'
Response Example
An example response is shown here.
{
"id": "b4e1d204-9244-4332-af1e-9465533b09b0",
"name": "Doc Profile Policy 1",
"description": "",
"isActive": true,
"isDraft": false,
"isReadOnly": false,
"members": {
"users": [
{
"id": "0gbxlkyu2bcz4xjfrral",
"name": "sangeetab"
}
]
},
"consumer": "papservice",
"accessType": "Allow"
}
3. Get all Policies for Profile
The GET method returns the list of all policies for the profile ID given in the request.
GET | {{url}}/api/paps/{{papId}}/policies |
Request Parameters
The request parameters used in this method are shown in the following table:
Parameter | Description | Data Type | Required |
filter | Filter the profile policies based on the name of a policy. The supported operators are 'eq', 'sw' and 'co'. An example format is given here: name eq TestPolicy | String | Optional |
Request Example
An example request is shown here.
curl -X GET '{{url}}/api/paps/{{papId}}/policies' -H 'Authorization: Bearer <token>'
Response Example
An example response is shown here.
[
{
"id": "382b5891-9667-4a11-9a06-ed6c77510b6c",
"name": "Doc Profile Policy",
"description": "Doc Profile Policy Description!",
"isActive": true,
"isDraft": false,
"isReadOnly": false,
"resource": "v34y13vby9lk17mdamul",
"consumer": "papservice",
"accessType": "Allow"
},
{
"id": "b4e1d204-9244-4332-af1e-9465533b09b0",
"name": "Doc Profile Policy 1",
"description": "",
"isActive": true,
"isDraft": false,
"isReadOnly": false,
"resource": "v34y13vby9lk17mdamul",
"consumer": "papservice",
"accessType": "Allow"
}
]
4. Delete Profile Policy
The DELETE method allows you to delete the policy created for a specified profile.
DELETE | {{url}}/api/paps/{{papId}}/policies/{{policyId}} |
Request Example
An example request is shown here.
curl --location --request DELETE '{{url}}/api/paps/{{papId}}/policies/{{policyId}}' \
--header 'Authorization: TOKEN {{token}}'
Response Example
The profile is deleted.
5. Update Profile Policy
The PATCH method allows you to edit the policy details of a specified profile.
PATCH | {{url}}/api/paps/{{papId}}/policies/{{policyId}} |
Request Example
An example request is shown here.
curl --location --request PATCH '{{url}}/api/paps/{{papId}}/policies/{{policyId}}' \
--header 'Authorization: TOKEN {{token}}' \
--data-raw '{
"name": "Updated Profile_Policy 1",
"description": "Updated description",
"members": {
"users": [
{
"id": "0gbxlkyu2bcz4xjfrral"
}
]
},
"accessType": "Allow"
}'