# Manage Policies

Authing's access control and permission management model is built around two concepts: Resource and Policy. A policy defines which operations are permitted on a resource (or class of resources). Once a policy is authorized to a user (or role), you can determine whether that user (or role) has permission to perform a given operation on a resource.

# Add policy

PoliciesManagementClient().create(code, statements, description)

Add a policy.

# Parameters

  • code <string> unique identifier of the policy
  • statements <PolicyStatement[]> policy statements; for the detailed format and description, see https://docs.authing.co/docs/access-control/index.html
  • description <string> description

# Example

code = 'PolicyCode'
statements = [
    {
        'resource': 'book:123',
        'actions': ['books:read'],
        'effect': 'ALLOW'
    }
]
policy = management_client.policies.create(
    code=code,
    statements=statements
)

# Delete policy

PoliciesManagementClient().delete(code)

Delete a policy. The system's built-in policies are officially maintained by Authing and cannot be modified or deleted.

# Parameters

  • code <string> unique identifier of the policy

# Example

management_client.policies.delete('PolicyCode')

# Batch delete policies

PoliciesManagementClient().delete_many(codeList)

Delete policies in batch. The system's built-in policies are officially maintained by Authing and cannot be modified or deleted.

# Parameters

  • codeList <string> list of unique policy identifiers

# Example

management_client.policies.delete_many(['PolicyCode'])

# Modify policy

PoliciesManagementClient().update(code, updates)

Modify a policy. The system's built-in policies are officially maintained by Authing and cannot be modified or deleted.

# Parameters

  • code <string> unique identifier of the policy
  • updates <Object>
  • updates.description <string> description
  • updates.statements <PolicyStatement[]> policy statements; for the detailed format and description, see https://docs.authing.co/docs/access-control/index.html
  • updates.newCode <string> the new unique identifier. If it is passed in, it must be unique within the user pool.

# Example

newStatements = [
    {
        'resource': 'book:123',
        'actions': ['books:read', 'books:update'],
        'effect': 'ALLOW'
    }
]
policy = management_client.policies.update(
    code='PolicyCode',
    statements=newStatements
)

# Get policy details

PoliciesManagementClient().detail(code)

Get policy details

# Parameters

  • code <string> unique identifier of the policy

const policy = await managementClient.policies.detail('CODE');

# Example

code = 'PolicyCode'
policy = management_client.policies.detail(code)

# Get a list of policies

PoliciesManagementClient().list(options)

Get a list of policies.

# Parameters

  • options <Object>
  • options.page <number> The default value is: 1.
  • options.limit <number> The default value is: 10.
  • options.excludeDefault <boolean> Whether to exclude system default resources or not. The default value is true.

# Example

data = management_client.policies.list()
totalCount, _list = data['totalCount'], data['list']
# totalCount: total number of records
# _list: records on the current page

# Get policy authorization records

PoliciesManagementClient().list_assignments(code, page, limit)

Obtain policy authorization records

# Parameters

  • code <string> unique identifier of the policy
  • page <number> The default value is: 1.
  • limit <number> The default value is 10.

# Example

data = management_client.policies.list_assignments(
    code='PolicyCode'
)
totalCount, _list = data['totalCount'], data['list']
# totalCount: total number of records
# _list: records on the current page
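
With the defaults above (page 1, limit 10), a single call to list or list_assignments returns at most ten records, so an access review has to walk every page. The following is an added example, not code from the Authing documentation: it pages through both calls and groups policy codes by the user or role they are authorized to. FakePolicies, the sample data, the page/limit keyword names passed to list, and the record keys 'code', 'targetType' and 'targetIdentifier' are assumptions.

```python
from collections import defaultdict


def fetch_all(fetch_page, limit=10):
    """Call fetch_page(page, limit) until totalCount records are collected."""
    items, page = [], 1
    while True:
        data = fetch_page(page, limit)
        items.extend(data['list'])
        # Also stop on an empty page so a wrong totalCount cannot loop forever.
        if not data['list'] or len(items) >= data['totalCount']:
            return items
        page += 1


def policies_by_target(policies):
    """Map (targetType, targetIdentifier) -> sorted list of policy codes.

    The 'code', 'targetType' and 'targetIdentifier' record keys are assumptions.
    """
    granted = defaultdict(set)
    for policy in fetch_all(lambda p, n: policies.list(page=p, limit=n)):
        code = policy['code']
        rows = fetch_all(
            lambda p, n: policies.list_assignments(code=code, page=p, limit=n))
        for row in rows:
            granted[(row['targetType'], row['targetIdentifier'])].add(code)
    return {target: sorted(codes) for target, codes in granted.items()}


class FakePolicies:
    """Constructed stand-in for management_client.policies; runs offline."""

    def __init__(self, assignments):
        self._assignments = assignments  # {policy code: [assignment rows]}

    def _page(self, rows, page, limit):
        start = (page - 1) * limit
        return {'totalCount': len(rows), 'list': rows[start:start + limit]}

    def list(self, page=1, limit=10):
        rows = [{'code': code} for code in sorted(self._assignments)]
        return self._page(rows, page, limit)

    def list_assignments(self, code, page=1, limit=10):
        return self._page(self._assignments[code], page, limit)


# Constructed sample: 12 policies for one role, more than the default page of 10.
SAMPLE = FakePolicies({
    f'Policy{i:02d}': [{'targetType': 'ROLE', 'targetIdentifier': 'RoleCode'}]
    for i in range(12)
})
```

Against a real user pool, pass management_client.policies to policies_by_target in place of SAMPLE, after confirming the record keys in an actual response.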

# Add policy authorization

PoliciesManagementClient().add_assignments(policies, targetType, targetIdentifiers)

Add policy authorizations. A policy can be authorized to users and roles, and a policy authorized to a role is inherited by all users under that role. This interface supports batch operations.

# Parameters

  • policies <string[]> policy code list
  • targetType <PolicyAssignmentTargetType> Allowed values are USER (user) and ROLE (role)
  • targetIdentifiers <string[]> list of user IDs or role codes

# Example

management_client.policies.add_assignments(
    policies=['PolicyCode'],
    targetType='USER', # Authorize to user
    targetIdentifiers=['USERID'] # User's ID
)

management_client.policies.add_assignments(
    policies=['PolicyCode'],
    targetType='ROLE', # Authorize to role
    targetIdentifiers=['RoleCode'] # Unique identifier of the role
)

# Revoke policy authorization

PoliciesManagementClient().remove_assignments(policies, targetType, targetIdentifiers)

Revoke policy authorizations. This interface supports batch operations.

# Parameters

  • policies <string[]> policy code list
  • targetType <PolicyAssignmentTargetType> Allowed values are USER (user) and ROLE (role)
  • targetIdentifiers <string[]> list of user IDs or role codes

# Example

management_client.policies.remove_assignments(
    policies=['PolicyCode'],
    targetType='ROLE',
    targetIdentifiers=['RoleCode']
)