Amster

UserPolicies

Realm Operations

The User Policy resource endpoint is responsible for managing a user’s policies. The available operations are create, read, update, delete, and query. Policies are realm-specific, so the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top-level realm is used.

Resource path:

/users/{user}/policies

Resource version: 1.0

create

Create new policy

Usage

am> create UserPolicies --realm Realm --id id --body body --user user

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "$schema" : "http://json-schema.org/draft-04/schema#",
  "description" : "Json schema for the policy resource",
  "title" : "Policy Resource Schema",
  "type" : "object",
  "properties" : {
    "name" : {
      "title" : "Name",
      "description" : "String matching the name of the application",
      "type" : "string"
    },
    "active" : {
      "title" : "Active flag",
      "description" : "Boolean indicating whether OpenAM considers the policy active for evaluation purposes, defaults to false",
      "type" : "boolean"
    },
    "description" : {
      "title" : "Description",
      "description" : "String describing the policy",
      "type" : "string"
    },
    "applicationName" : {
      "title" : "Application name",
      "description" : "String containing the application name, such as \"iPlanetAMWebAgentService\", or \"mypolicyset\"",
      "type" : "string"
    },
    "actionValues" : {
      "title" : "Action values",
      "description" : "Set of string action names, each set to a boolean indicating whether the action is allowed. Chosen from the available actions provided by the associated Managing Resource Types resource type",
      "type" : "object",
      "additionalProperties" : {
        "type" : "boolean"
      }
    },
    "resources" : {
      "title" : "Resources",
      "description" : "List of the resource name pattern strings to which the policy applies. Must conform to the pattern templates provided by the associated Managing Resource Types resource type",
      "type" : "array",
      "items" : {
        "type" : "string"
      }
    },
    "subject" : {
      "title" : "Subject",
      "description" : "Specifies the subject conditions to which the policy applies, where subjects can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where subject implementations are pluggable",
      "type" : "object"
    },
    "condition" : {
      "title" : "Condition",
      "description" : "Specifies environment conditions, where conditions can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where condition implementations are pluggable",
      "type" : "object",
      "properties" : {
        "type" : {
          "type" : "string"
        },
        "conditions" : {
          "type" : "array",
          "title" : "Condition",
          "description" : "Specifies environment conditions, where conditions can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where condition implementations are pluggable",
          "items" : {
            "type" : "object"
          }
        }
      }
    },
    "resourceTypeUuid" : {
      "title" : "Resource Type UUID",
      "description" : "The UUIDs of the resource type associated with the policy",
      "type" : "string"
    },
    "resourceAttributes" : {
      "title" : "Resource Attributes",
      "description" : "List of attributes to return with decisions. These attributes are known as response attributes",
      "type" : "array",
      "items" : {
        "type" : "object"
      }
    },
    "lastModifiedBy" : {
      "title" : "Last Modified By",
      "description" : "A string containing the universal identifier DN of the subject that most recently updated the policy",
      "type" : "string"
    },
    "lastModifiedDate" : {
      "title" : "Last Modified date",
      "description" : "An integer containing the last modified date and time, in number of seconds",
      "type" : "string"
    },
    "createdBy" : {
      "title" : "Created By",
      "description" : "A string containing the universal identifier DN of the subject that created the policy",
      "type" : "string"
    },
    "creationDate" : {
      "title" : "Creation Date",
      "description" : "An integer containing the creation date and time, in number of seconds",
      "type" : "string"
    }
  }
}

--user

The User Policy resource endpoint is responsible for managing a user’s policies. The available operations are create, read, update, delete, and query. Policies are realm-specific, so the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top-level realm is used.

delete

Delete policy

Usage

am> delete UserPolicies --realm Realm --id id --user user

Parameters

--id

The unique identifier for the resource.

--user

The User Policy resource endpoint is responsible for managing a user’s policies. The available operations are create, read, update, delete, and query. Policies are realm-specific, so the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top-level realm is used.

query

Query the stored policies

Usage

am> query UserPolicies --realm Realm --filter filter --user user

Parameters

--filter

A CREST formatted query filter, where "true" will query all. Fields that can be queried: [*]

--user

The User Policy resource endpoint is responsible for managing a user’s policies. The available operations are create, read, update, delete, and query. Policies are realm-specific, so the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top-level realm is used.

read

Read policy

Usage

am> read UserPolicies --realm Realm --id id --user user

Parameters

--id

The unique identifier for the resource.

--user

The User Policy resource endpoint is responsible for managing a user’s policies. The available operations are create, read, update, delete, and query. Policies are realm-specific, so the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top-level realm is used.

update

Update an existing policy

Usage

am> update UserPolicies --realm Realm --id id --body body --user user

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "$schema" : "http://json-schema.org/draft-04/schema#",
  "description" : "Json schema for the policy resource",
  "title" : "Policy Resource Schema",
  "type" : "object",
  "properties" : {
    "name" : {
      "title" : "Name",
      "description" : "String matching the name of the application",
      "type" : "string"
    },
    "active" : {
      "title" : "Active flag",
      "description" : "Boolean indicating whether OpenAM considers the policy active for evaluation purposes, defaults to false",
      "type" : "boolean"
    },
    "description" : {
      "title" : "Description",
      "description" : "String describing the policy",
      "type" : "string"
    },
    "applicationName" : {
      "title" : "Application name",
      "description" : "String containing the application name, such as \"iPlanetAMWebAgentService\", or \"mypolicyset\"",
      "type" : "string"
    },
    "actionValues" : {
      "title" : "Action values",
      "description" : "Set of string action names, each set to a boolean indicating whether the action is allowed. Chosen from the available actions provided by the associated Managing Resource Types resource type",
      "type" : "object",
      "additionalProperties" : {
        "type" : "boolean"
      }
    },
    "resources" : {
      "title" : "Resources",
      "description" : "List of the resource name pattern strings to which the policy applies. Must conform to the pattern templates provided by the associated Managing Resource Types resource type",
      "type" : "array",
      "items" : {
        "type" : "string"
      }
    },
    "subject" : {
      "title" : "Subject",
      "description" : "Specifies the subject conditions to which the policy applies, where subjects can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where subject implementations are pluggable",
      "type" : "object"
    },
    "condition" : {
      "title" : "Condition",
      "description" : "Specifies environment conditions, where conditions can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where condition implementations are pluggable",
      "type" : "object",
      "properties" : {
        "type" : {
          "type" : "string"
        },
        "conditions" : {
          "type" : "array",
          "title" : "Condition",
          "description" : "Specifies environment conditions, where conditions can be combined by using the built-in types \"AND\", \"OR\", and \"NOT\", and where condition implementations are pluggable",
          "items" : {
            "type" : "object"
          }
        }
      }
    },
    "resourceTypeUuid" : {
      "title" : "Resource Type UUID",
      "description" : "The UUIDs of the resource type associated with the policy",
      "type" : "string"
    },
    "resourceAttributes" : {
      "title" : "Resource Attributes",
      "description" : "List of attributes to return with decisions. These attributes are known as response attributes",
      "type" : "array",
      "items" : {
        "type" : "object"
      }
    },
    "lastModifiedBy" : {
      "title" : "Last Modified By",
      "description" : "A string containing the universal identifier DN of the subject that most recently updated the policy",
      "type" : "string"
    },
    "lastModifiedDate" : {
      "title" : "Last Modified date",
      "description" : "An integer containing the last modified date and time, in number of seconds",
      "type" : "string"
    },
    "createdBy" : {
      "title" : "Created By",
      "description" : "A string containing the universal identifier DN of the subject that created the policy",
      "type" : "string"
    },
    "creationDate" : {
      "title" : "Creation Date",
      "description" : "An integer containing the creation date and time, in number of seconds",
      "type" : "string"
    }
  }
}

--user

The User Policy resource endpoint is responsible for managing a user’s policies. The available operations are create, read, update, delete, and query. Policies are realm-specific, so the URI for the policies API can contain a realm component. If the realm is not specified in the URI, the top-level realm is used.
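A pre-flight check for the `--body` document used by `create` and `update`, as an added example that is not part of the original page or of Amster itself: it applies the property types from the schema above and reports an omitted `active` flag, which the schema says defaults to false. The function name `check_policy_body` and the sample policy values are constructed for illustration.

```python
# Property types copied from the policy resource schema on this page.
STRING_FIELDS = {"name", "description", "applicationName", "resourceTypeUuid",
                 "lastModifiedBy", "lastModifiedDate", "createdBy", "creationDate"}
OBJECT_FIELDS = {"subject", "condition"}

def check_policy_body(body):
    """Return a list of findings for a UserPolicies --body document."""
    findings = []
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    for key in sorted(STRING_FIELDS.intersection(body)):
        if not isinstance(body[key], str):
            findings.append(f"{key}: expected string")
    for key in sorted(OBJECT_FIELDS.intersection(body)):
        if not isinstance(body[key], dict):
            findings.append(f"{key}: expected object")
    # "active" defaults to false, so an omitted flag leaves the policy unevaluated.
    if "active" not in body:
        findings.append("active: omitted, policy will default to inactive")
    elif not isinstance(body["active"], bool):
        findings.append("active: expected boolean")
    # Each action maps to a boolean; a string such as "false" violates the schema.
    actions = body.get("actionValues", {})
    if not isinstance(actions, dict):
        findings.append("actionValues: expected object")
    else:
        for action, allowed in sorted(actions.items()):
            if not isinstance(allowed, bool):
                findings.append(f"actionValues.{action}: expected boolean")
    resources = body.get("resources", [])
    if not isinstance(resources, list) or not all(isinstance(r, str) for r in resources):
        findings.append("resources: expected array of strings")
    attrs = body.get("resourceAttributes", [])
    if not isinstance(attrs, list) or not all(isinstance(a, dict) for a in attrs):
        findings.append("resourceAttributes: expected array of objects")
    nested = body.get("condition", {})
    if isinstance(nested, dict):
        if "type" in nested and not isinstance(nested["type"], str):
            findings.append("condition.type: expected string")
        subs = nested.get("conditions", [])
        if not isinstance(subs, list) or not all(isinstance(c, dict) for c in subs):
            findings.append("condition.conditions: expected array of objects")
    return findings

# Constructed sample body: every value here is illustrative.
SAMPLE = {"name": "example-policy", "applicationName": "mypolicyset",
          "actionValues": {"GET": True, "POST": "false"},
          "resources": ["https://app.example.com/*"]}
```

Running `check_policy_body(SAMPLE)` reports the omitted `active` flag and the string-valued `POST` action; an empty list means the body matches the property types in the schema.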

Copyright © 2010-2023 ForgeRock, all rights reserved.