Administration
This section describes the required administration tasks for Policy Designer.
Configure projects
New or existing projects intended to be used in Policy Designer must have at least one attribute configured for each one of the following categories:
- access-subject or environment
- action
- resource
Create all required attributes in ASM as described here.
Manage new users
When a user logs in for the first time to Policy Designer using a third-party identity provider (IdP), a new user entry is created in Keycloak. In order for the user to start authoring policies, you should first configure their user entry in Keycloak and assign them a project to work on.
Open a web browser window and go to
https://<hostname>/auth
.- Default hostname
- Custom hostname
https://localhost/auth
if you are using the default hostname.Append
/auth
to the hostname you are using. For example,https://example.com/auth
.Log in to the Keycloak Administration Console and make sure that you are in the asm realm.
In the menu, under the Manage section, click Users.
Find and click the appropriate username on the table.
Switch to the Role Mapping tab and click Assign role.
From the list, select pd-users and click Assign.
Switch to the Attributes tab.
In the Key field, enter
User-Projects
.ImportantThis field is case sensitive.
In the Value field, enter the project name you wish to grant them access to.
Click Save.
noteOnly one project can be assigned per user, and it must also be present in ASM as well.
- Click Save to apply your changes.
The user is now able to log in to Policy Designer and work on the project you assigned them to.
User-generated policies
After a user enables a policy in Policy Designer, a domain with the name pd_domain
is created under the project assigned to them. The functionality of this domain is similar to that of domains created using ASM and can be utilized respectively. For more details, see: