I am a beginner at creating XACML 3.0 policies. In my case we have multiple actions for a single resource. The permissions on a single resource will depend upon role. Here, in my case, "resource" means something like "Name" and "actions" means "Read, Create, Update, Delete". Please suggest the best way of creating a policy.
1 Answer
You can use policy editors to create XACML policies. There are some policy editors that are available for free. If you are using WSO2 Identity Server, you can find the policy editors in the management console to create the XACML policies. You can find more details about them from here. Also, according to your scenario, let me give a few suggestions for creating a XACML policy.
First, identify the entities and their mapping. Just think of it as follows:
- Policy is going to be created for resource -- foo
- Foo resource has actions -- Read, Create, Update, Delete
- All actions can be performed by role -- admin
- Read action can be performed by role -- role1
- Update, Create actions can be performed by role -- role2
Identify the target for the policy --> This can be the entity that the policy is written for. Here it is the resource, i.e. "foo".
Define the policy rules. There can be three rules (if we want, we can even write them in one rule):
- All actions --> admin
- Read action --> role1
- Update, Create --> role2
(Optional) Define the last rule as deny to avoid any other access to the foo resource.
I am attaching the UI view of the Identity Server simple policy editor that is used to create the above scenario (the deny rule would be auto-generated in this editor). Once you have the template and the idea, it is easy even to modify the policy using XML and try it out.

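The mapping described in the answer above, generated as a XACML 3.0 policy document. This is an added example, not part of the original answer and not output of the WSO2 editor; the policy and rule IDs, the role attribute ID (taken from the XACML RBAC profile) and the exact action strings are assumptions to adapt to your PDP.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
STR = "http://www.w3.org/2001/XMLSchema#string"
EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
FIRST = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
# (AttributeId, Category) pairs. The role AttributeId is an assumption (XACML RBAC
# profile); use whichever attribute your PDP resolves roles from.
RESOURCE = ("urn:oasis:names:tc:xacml:1.0:resource:resource-id",
            "urn:oasis:names:tc:xacml:3.0:attribute-category:resource")
ACTION = ("urn:oasis:names:tc:xacml:1.0:action:action-id",
          "urn:oasis:names:tc:xacml:3.0:attribute-category:action")
ROLE = ("urn:oasis:names:tc:xacml:2.0:subject:role",
        "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject")

def el(parent, tag, **attrs):
    return ET.SubElement(parent, f"{{{NS}}}{tag}", attrs)

def any_of(target, attr, values):
    """Add one <AnyOf>: its <AllOf> children are ORed, sibling <AnyOf>s are ANDed."""
    group = el(target, "AnyOf")
    for value in values:
        match = el(el(group, "AllOf"), "Match", MatchId=EQ)
        el(match, "AttributeValue", DataType=STR).text = value
        # MustBePresent="false": a missing attribute is "no match", not Indeterminate,
        # so the request falls through to the final deny rule.
        el(match, "AttributeDesignator", AttributeId=attr[0], Category=attr[1],
           DataType=STR, MustBePresent="false")

def build_policy(resource, grants):
    """grants maps role -> list of permitted actions; None means every action."""
    ET.register_namespace("", NS)
    policy = ET.Element(f"{{{NS}}}Policy", {"PolicyId": f"{resource}-policy",
                        "Version": "1.0", "RuleCombiningAlgId": FIRST})
    any_of(el(policy, "Target"), RESOURCE, [resource])   # policy target: the resource
    for role, actions in grants.items():
        rule = el(policy, "Rule", RuleId=f"permit-{role}", Effect="Permit")
        target = el(rule, "Target")
        any_of(target, ROLE, [role])                      # role AND ...
        if actions is not None:
            any_of(target, ACTION, actions)               # ... (action1 OR action2)
    # Last rule has no target, so it matches anything the permit rules did not.
    el(policy, "Rule", RuleId="deny-others", Effect="Deny")
    return ET.tostring(policy, encoding="unicode")

# Constructed input: the role/action mapping from the answer above.
GRANTS = {"admin": None, "role1": ["Read"], "role2": ["Update", "Create"]}
POLICY_XML = build_policy("foo", GRANTS)
if __name__ == "__main__":
    print(POLICY_XML)
```

Because the combining algorithm is first-applicable, the deny rule must stay last; placed earlier it would shadow the permit rules that follow it.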