# Manage Policies
Authing's access control and permission management model is built around two concepts: resources and policies. A policy defines one or more operation permissions on a resource (or class of resources). Once a policy is authorized to a user (or role), you can determine whether that user (or role) has permission to perform a given operation on a resource.
Use this module as follows:
```javascript
import { ManagementClient } from "authing-js-sdk"

const managementClient = new ManagementClient({
  userPoolId: "YOUR_USERPOOL_ID",
  secret: "YOUR_USERPOOL_SECRET",
})

managementClient.policies.list // Get the list of policies
managementClient.policies.create // Create a policy
managementClient.policies.listAssignments // Get policy authorization records
```
# Add policy
PoliciesManagementClient().create(code, statements, description)
Add a policy.
# Parameters
code
<string> Unique identifier of the policy
statements
<PolicyStatement[]> Policy statements; for the detailed format and description, see https://docs.authing.co/docs/access-control/index.html
description
<string> Description
# Example
```javascript
import { PolicyEffect } from "authing-js-sdk"

const statements = [
  {
    resource: 'books:123',
    effect: PolicyEffect.Allow,
    actions: ['books:edit']
  }
];

// `code` is the unique identifier chosen for the new policy
const policy = await managementClient.policies.create(code, statements);
```
# Return value
Promise<DeepPartial<Policy>>
# Delete policy
PoliciesManagementClient().delete(code)
Delete a policy. System built-in policies are officially maintained by Authing and cannot be modified or deleted.
# Parameters
code
<string> Unique identifier of the policy
# Example
```javascript
// The operation succeeded if code is 200
const { code, message } = await managementClient.policies.delete("CODE");
```
# Return value
Promise<CommonMessage>
# Batch delete policies
PoliciesManagementClient().deleteMany(codeList)
Delete policies in batch. System built-in policies are officially maintained by Authing and cannot be modified or deleted.
# Parameters
codeList
<string> List of policy unique identifiers
# Example
```javascript
// The operation succeeded if code is 200
const { code, message } = await managementClient.policies.deleteMany(["CODE"]);
```
# Return value
Promise<CommonMessage>
# Modify policy
PoliciesManagementClient().update(code, updates)
Modify a policy. System built-in policies are officially maintained by Authing and cannot be modified or deleted.
# Parameters
code
<string> Unique identifier of the policy
updates
<Object>
updates.description
<string> Description
updates.statements
<PolicyStatement[]> Policy statements; for the detailed format and description, see https://docs.authing.co/docs/access-control/index.html
updates.newCode
<string> The new unique identifier. If passed, it must be unique within the user pool.
# Example
```javascript
const policy = await managementClient.policies.update('CODE', { newCode: 'NEWCODE' });
```
# Return value
Promise<DeepPartial<Policy>>
# Get policy details
PoliciesManagementClient().detail(code)
Get the details of a policy.
# Parameters
code
<string> Unique identifier of the policy
# Example
```javascript
const policy = await managementClient.policies.detail('CODE');
```
# Return value
Promise<DeepPartial<Policy>>
# Get a list of policies
PoliciesManagementClient().list(options)
Get a list of policies.
# Parameters
options
<Object>
options.page
<number> The default value is 1.
options.limit
<number> The default value is 10.
options.excludeDefault
<boolean> Whether to exclude system default resources. The default value is true.
# Example
```javascript
const { list, totalCount } = await managementClient.policies.list({
  excludeDefault: false // Include system default policies
});
```
# Return value
Promise<DeepPartial<PaginatedPolicies>>
# Get policy authorization records
PoliciesManagementClient().listAssignments(code, page, limit)
Get the authorization records of a policy.
# Parameters
code
<string> Unique identifier of the policy
page
<number> The default value is 1.
limit
<number> The default value is 10.
# Example
```javascript
const { totalCount, list } = await managementClient.policies.listAssignments("CODE");

// list data example
[
  {
    code: "PolicyCode", // Unique identifier of the policy
    targetType: 'USER', // 'USER' means user, 'ROLE' means role
    targetIdentifier: '5f8812866795cc0026352fc5' // User ID or role code
  },
  {
    code: "PolicyCode", // Unique identifier of the policy
    targetType: 'ROLE', // 'USER' means user, 'ROLE' means role
    targetIdentifier: 'ROLE_CODE' // User ID or role code
  }
]
```
# Return value
Promise<PaginatedPolicyAssignments>
# Add policy authorization
PoliciesManagementClient().addAssignments(policies, targetType, targetIdentifiers)
Add policy authorizations. A policy can be authorized to users and to roles; a policy authorized to a role is inherited by all users in that role. This interface supports batch operations.
# Parameters
policies
<string[]> List of policy codes
targetType
<PolicyAssignmentTargetType> Optional values are USER (user) and ROLE (role)
targetIdentifiers
<string[]> List of user IDs or list of role codes
# Example
```javascript
import { PolicyAssignmentTargetType } from "authing-js-sdk"

await managementClient.policies.addAssignments(
  ["code1", "code2"],
  PolicyAssignmentTargetType.User,
  ['USERID']
);

await managementClient.policies.addAssignments(
  ["code1", "code2"],
  PolicyAssignmentTargetType.Role,
  ['ROLE_CODE']
);
```
# Return value
Promise<CommonMessage>
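Because a policy authorized to a role is inherited by every user in that role, the audience of a policy is larger than its direct USER assignments, and with a default `limit` of 10 a single `listAssignments` call may not return every record. The following added example (not part of Authing's documentation or SDK) pages through records in the shape shown for `listAssignments` and expands ROLE targets into users; `fetchPage`, `roleMembers` and all sample data are assumptions constructed for illustration.

```javascript
// Page through every assignment record of a policy. `fetchPage(code, page, limit)`
// stands in for managementClient.policies.listAssignments and must resolve to
// { totalCount, list } in the shape documented above.
async function collectAssignments(fetchPage, code, limit = 10) {
  const all = [];
  for (let page = 1; ; page += 1) {
    const { totalCount, list } = await fetchPage(code, page, limit);
    all.push(...list);
    // Stop on the last page; the empty-page check guards against a stale totalCount.
    if (list.length === 0 || all.length >= totalCount) return all;
  }
}

// Expand ROLE assignments into users. `roleMembers` (role code -> user IDs) is an
// assumption: it must come from your own role-membership lookup.
function effectiveUsers(assignments, roleMembers) {
  const holders = new Map(); // user ID -> Set of grant paths
  const add = (userId, via) => {
    if (!holders.has(userId)) holders.set(userId, new Set());
    holders.get(userId).add(via);
  };
  for (const a of assignments) {
    if (a.targetType === 'USER') {
      add(a.targetIdentifier, 'direct');
    } else if (a.targetType === 'ROLE') {
      for (const u of roleMembers[a.targetIdentifier] || []) add(u, `role:${a.targetIdentifier}`);
    }
  }
  return holders;
}

// Constructed sample data: 12 records, so the default limit of 10 needs two pages.
const SAMPLE = [
  ...Array.from({ length: 11 }, (_, i) => (
    { code: 'PolicyCode', targetType: 'USER', targetIdentifier: `user-${i}` })),
  { code: 'PolicyCode', targetType: 'ROLE', targetIdentifier: 'ROLE_CODE' },
];
const fakeFetchPage = async (code, page, limit) => ({
  totalCount: SAMPLE.length,
  list: SAMPLE.slice((page - 1) * limit, page * limit),
});
const ROLE_MEMBERS = { ROLE_CODE: ['user-0', 'user-99'] }; // constructed

async function auditPolicy() {
  const assignments = await collectAssignments(fakeFetchPage, 'PolicyCode');
  return effectiveUsers(assignments, ROLE_MEMBERS);
}

auditPolicy().then((h) => h.forEach((via, user) => console.log(user, [...via].join(', '))));
```

A user listed with both `direct` and `role:` paths keeps the policy after only one of the two grants is revoked, so review both before treating access as removed.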
# Revoke policy authorization
PoliciesManagementClient().removeAssignments(policies, targetType, targetIdentifiers)
Revoke policy authorizations. This interface supports batch operations.
# Parameters
policies
<string[]> List of policy codes
targetType
<PolicyAssignmentTargetType> Optional values are USER (user) and ROLE (role)
targetIdentifiers
<string[]> List of user IDs or list of role codes
# Example
```javascript
import { PolicyAssignmentTargetType } from "authing-js-sdk"

await managementClient.policies.removeAssignments(
  ["code1", "code2"],
  PolicyAssignmentTargetType.User,
  ['USERID']
);

await managementClient.policies.removeAssignments(
  ["code1", "code2"],
  PolicyAssignmentTargetType.Role,
  ['ROLE_CODE']
);
```
# Return value
Promise<CommonMessage>