Version: 7.2

Administration

This section describes the required administration tasks for Policy Designer.

Configure projects

New or existing projects intended to be used in Policy Designer must have at least one attribute configured for each one of the following categories:

  • access-subject or environment
  • action
  • resource

Create all required attributes in ASM as described here.

Manage new users

When a user logs in for the first time to Policy Designer using a third-party identity provider (IdP), a new user entry is created in Keycloak. In order for the user to start authoring policies, you should first configure their user entry in Keycloak and assign them a project to work on.

  1. Open a web browser window and go to https://<hostname>/auth.

  2. Log in to the Keycloak administration console and make sure that you are in the Asm realm.

  3. In the menu, under the Manage section, click Users.

  4. Find and click the user's ID in the table.

  5. Switch to the Role Mappings tab.

  6. From the Available Roles list, select pd-users and click Add selected>.

  7. Switch to the Attributes tab.

  8. In the Key field, enter User-Projects.

    Important

    This field is case sensitive.

  9. In the Value field, enter the name of the project you wish to grant them access to and click Add.

    Note

    You can assign only one project per user, and it should exist in ASM as well.

  10. Click Save to apply your changes.

The user is now able to log in to Policy Designer and work on the project you assigned them to.
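
An added example, not part of the product documentation: a Python check that audits Keycloak user entries against the rules in the steps above (the pd-users role, the case-sensitive User-Projects key, one project per user, and a project that exists in ASM). The user records and the project list are constructed sample data, and treating pd-users as a realm role listed under `realmRoles` is an assumption.

```python
REQUIRED_ROLE = "pd-users"      # role named on this page (assumed to be a realm role)
PROJECT_KEY = "User-Projects"   # case-sensitive attribute key named on this page

# Constructed sample: user entries in the shape of a Keycloak export,
# where each attribute key maps to a list of values.
SAMPLE_USERS = [
    {"username": "alice", "realmRoles": ["pd-users"], "attributes": {"User-Projects": ["Payments"]}},
    {"username": "bob", "realmRoles": ["pd-users"], "attributes": {"user-projects": ["Payments"]}},
    {"username": "carol", "realmRoles": [], "attributes": {"User-Projects": ["Payments"]}},
    {"username": "dave", "realmRoles": ["pd-users"], "attributes": {"User-Projects": ["Payments", "HR"]}},
    {"username": "erin", "realmRoles": ["pd-users"], "attributes": {"User-Projects": ["Archive"]}},
]
ASM_PROJECTS = {"Payments", "HR"}  # constructed list of projects that exist in ASM


def audit_user(user, asm_projects):
    """Return a list of findings for one user entry; empty means correctly configured."""
    findings = []
    attrs = user.get("attributes") or {}
    if REQUIRED_ROLE not in (user.get("realmRoles") or []):
        findings.append("missing role pd-users")
    values = attrs.get(PROJECT_KEY)
    if values is None:
        # The key is case sensitive, so a near match means the user has no project.
        miscased = [k for k in attrs if k.lower() == PROJECT_KEY.lower()]
        findings.append(f"attribute key {miscased[0]!r} has wrong case" if miscased
                        else "no User-Projects attribute")
        return findings
    projects = [v for v in values if v.strip()]
    if len(projects) != 1:
        findings.append(f"expected exactly one project, found {len(projects)}")
    for p in projects:
        if p not in asm_projects:
            findings.append(f"project {p!r} does not exist in ASM")
    return findings


def audit(users, asm_projects):
    """Map username -> findings, listing only users with at least one finding."""
    report = {u["username"]: audit_user(u, asm_projects) for u in users}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_USERS, ASM_PROJECTS).items():
        print(f"{name}: {'; '.join(findings)}")
```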

User-generated policies

After a user enables a policy in Policy Designer, a domain named pd_domain is created under the project assigned to them. This domain functions like the domains created using ASM and can be used in the same way. For more details, see: