This utility automates the creation of PDP policies.
You will need the following to use the PDP utility:
An Access Token with access to the customer instance and DataSets.
The name or ID of the "config" DataSet. This is the DataSet containing the values to create the policies. This typically consists of a user email address and values, as follows:
The user name or group name. Separate multiple names using the pipe (|) character.
The comparison value in a policy. Separate multiple values using the pipe (|) character.
Currently only the "equals" operator is supported.
The application.properties file, which is auto-generated upon a successful login. Once you have logged in, you can run the utility headless.
If you want email notifications on successes and errors, place a properties file in the same directory as the .jar file, as follows:
The following is an example of the configuration DataSet. Your configuration DataSet schema should match exactly what is described below.
target_ds – The name or ID of the data source in which you want to create the policies.
policy_name – The human readable policy name.
All – Delete all existing PDP policies before creating any new ones.
Matches – Only delete the PDP policies that match by name.
None – Do not delete any of the existing PDP policies.
Update – Update the PDP policies that match by name, create new PDP policies that are not in the existing list, and delete any orphaned policies.
policy_column – The column name that the filter will be created on.
user_group – The user name or group name. Separate multiple names using the pipe (|) character.
value – The value in the filter. Separate multiple values using the pipe (|) character.
The utility supports multiple target DataSets in the ‘target_ds’ column (shown in orange and brown in the preceding screenshot).
To add multiple filters, set the ‘policy_name’ and ‘user_group’ to the same values (shown in pink (rows 2 and 3) in the preceding screenshot). It is very important to order this DataSet by the `target_ds` column and then the `policy_name` column. This ensures all the actions happen on the same DataSet and the same policy.
To add users/groups to the ‘default’ policy, set the ‘policy_column’ and ‘value’ to All Rows (shown in dark blue (row 5) in the preceding screenshot).
To add a dynamic policy, set the ‘policy_column’ and ‘value’ to the appropriate “Trusted Attribute” (shown in green (row 6) in the preceding screenshot). You can get a list of “Trusted Attributes” in Admin Settings > Security > Trusted.
To add a dynamic policy ignoring case, add :ignore_case to the end of the “Trusted Attribute” (shown in light blue (row 7) in the preceding screenshot).
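A pre-flight check for the rules above, as an added example that is not part of the utility or of the original page: it lints a CSV export of the config DataSet for the ordering, repeated user_group, All Rows and pipe-separator rules before the utility changes any policies. The CSV export, the function names and the sample rows are assumptions, and only the five columns named above are checked.

```python
import csv
import io
REQUIRED = ["target_ds", "policy_name", "policy_column", "user_group", "value"]
ALL_ROWS = "All Rows"

def split_pipe(cell):  # pipe-separated cell -> list of trimmed items
    return [part.strip() for part in cell.split("|")]

def lint_config(csv_text):
    """Return (row_number, message) findings for a CSV export of the config DataSet."""
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        return [(1, "missing columns: " + ", ".join(missing))]
    findings, seen_ds, seen_keys, members = [], set(), set(), {}
    prev_ds = prev_key = None
    for n, row in enumerate(reader, start=2):  # row 1 is the header
        ds = row["target_ds"].strip()
        key = (ds, row["policy_name"].strip())
        # Correct ordering keeps each DataSet and each policy in one contiguous run.
        if key != prev_key:
            if key in seen_keys or (ds != prev_ds and ds in seen_ds):
                findings.append((n, "rows not ordered by target_ds, then policy_name"))
            seen_ds.add(ds)
            seen_keys.add(key)
            prev_ds, prev_key = ds, key
        # Multiple filters on one policy must repeat the same user_group (order ignored).
        users = frozenset(split_pipe(row["user_group"]))
        if members.setdefault(key, users) != users:
            findings.append((n, "user_group differs from earlier rows of this policy"))
        col, val = row["policy_column"].strip(), row["value"].strip()
        if (col == ALL_ROWS) != (val == ALL_ROWS):
            findings.append((n, "All Rows must be set in both policy_column and value"))
        elif col == ALL_ROWS:
            findings.append((n, "review: adds to the default policy: " + ", ".join(sorted(users))))
        for name in ("user_group", "value"):
            if "" in split_pipe(row[name]):
                findings.append((n, "empty item in pipe-separated " + name))
    return findings

# Constructed sample export (not from the page); rows 4, 5 and 6 each break a rule.
SAMPLE = """\
target_ds,policy_name,policy_column,user_group,value
Sales,East,Region,ann@example.com|bob@example.com,East|North
Sales,East,Channel,ann@example.com|bob@example.com,Retail
Sales,Everyone,All Rows,Managers,All Rows
Finance,EMEA,Region,cat@example.com,EMEA|
Sales,East,Region,dan@example.com,East
"""
```

Calling `lint_config(SAMPLE)` returns one finding per problem, keyed by the row number in the export; an empty list means the five columns pass these checks.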
Running the PDP Utility
The PDP Utility can be run in one of three modes: standalone GUI, Command Line or via a configuration file.
This is a wizard-like interface that walks you through the creation of the PDP Policies. Double-click the PDP.jar or execute from the command line with no parameters.
java -Xmx1024m -jar PDP_2.0.jar
This is a headless utility that can be scripted. After you have logged in once, you can run the utility headless.
java -Xmx1024m -jar PDP_2.0.jar <domain> <config_ds>
<domain> : The customer instance.
<config_ds> : The name or ID of the "config" DataSet. This is the DataSet that contains the key-value pairs to create the policies. This is typically a user email and a value.