
The most recent patch for this version is 7.4.1.

Version: 7.4

Administration

This section describes the required administration tasks for Policy Designer.

Configure projects

New or existing projects intended to be used in Policy Designer must have at least one attribute configured for each one of the following categories:

  • access-subject or environment
  • action
  • resource

Create all required attributes in ASM as described here.

Manage new users

When a user logs in for the first time to Policy Designer using a third-party identity provider (IdP), a new user entry is created in Keycloak. In order for the user to start authoring policies, you should first configure their user entry in Keycloak and assign them a project to work on.

  1. Open a web browser window and go to https://<hostname>/auth.

    https://localhost/auth if you are using the default hostname.

  2. Log in to the Keycloak Administration Console and make sure that you are in the asm realm.

  3. In the menu, under the Manage section, click Users.

  4. Find and click the appropriate username on the table.

  5. Switch to the Role Mapping tab and click Assign role.

  6. From the list, select pd-users and click Assign.

  7. Switch to the Attributes tab.

  8. In the Key field, enter User-Projects.

    Important

    This field is case sensitive.

  9. In the Value field, enter the project name you wish to grant them access to.

  10. Click Save.

    Note

    Only one project can be assigned per user, and it must also be present in ASM.

  11. Click Save to apply your changes.

The user is now able to log in to Policy Designer and work on the project you assigned them to.
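A check for the rules in this procedure, as an added example rather than code from the product or its documentation: it audits user entries shaped like the users array of a Keycloak realm export (username, realmRoles, attributes) for the pd-users role, the exact User-Projects key, the one-project limit, and presence of the project in ASM. The input shape, the function names, the caller-supplied set of ASM project names, and the sample data are assumptions made for illustration.

```python
ROLE = "pd-users"            # role assigned in step 6
ATTR_KEY = "User-Projects"   # key entered in step 8; case sensitive

def audit_user(user, asm_projects):
    """Return findings for one user entry; an empty list means no rule is broken."""
    attrs = user.get("attributes") or {}
    has_role = ROLE in (user.get("realmRoles") or [])
    values = attrs.get(ATTR_KEY) or []
    if isinstance(values, str):          # tolerate a bare string instead of a list
        values = [values]
    findings = []
    for key in attrs:                    # near-miss keys such as "user-projects"
        if key != ATTR_KEY and key.lower() == ATTR_KEY.lower():
            findings.append(f"attribute key {key!r} does not match {ATTR_KEY!r} exactly")
    if has_role and not values:
        findings.append(f"has role {ROLE} but no {ATTR_KEY} value")
    if values and not has_role:
        findings.append(f"has {ATTR_KEY} but not role {ROLE}")
    if len(values) > 1:
        findings.append(f"{len(values)} projects assigned; only one is allowed")
    for project in values:
        if project not in asm_projects:
            findings.append(f"project {project!r} is not present in ASM")
    return findings

def audit_realm(users, asm_projects):
    """Map username -> findings, listing only users with at least one finding."""
    report = {}
    for user in users:
        findings = audit_user(user, asm_projects)
        if findings:
            report[user["username"]] = findings
    return report

# Constructed sample data, not taken from a real realm or a real ASM instance.
SAMPLE_ASM_PROJECTS = {"payments", "hr"}
SAMPLE_USERS = [
    {"username": "alice", "realmRoles": ["pd-users"],
     "attributes": {"User-Projects": ["payments"]}},
    {"username": "bob", "realmRoles": ["pd-users"],
     "attributes": {"user-projects": ["payments"]}},
    {"username": "carol", "realmRoles": ["pd-users"],
     "attributes": {"User-Projects": ["payments", "hr"]}},
    {"username": "dave", "realmRoles": [],
     "attributes": {"User-Projects": ["legacy"]}},
]

if __name__ == "__main__":
    for name, findings in audit_realm(SAMPLE_USERS, SAMPLE_ASM_PROJECTS).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Users with neither the role nor the attribute are not reported, since the check cannot tell whether they are meant to use Policy Designer.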

User-generated policies

After a user enables a policy in Policy Designer, a domain with the name pd_domain is created under the project assigned to them. This domain functions like domains created using ASM and can be used in the same way. For more details, see: