Sample Policies for Authorization Roles

Use the policy.xml file to control access to cricial functions based on authorization role.

Common authorization roles include adminstration, development, business user, support user, auditor, or customization. The following samples illustrate how you can create policies for each of these roles.

Administration

<Policy type="Cluster">
    <Subjects>
        <Role>admin</Role>
    </Subjects>
    <Resources>
        <Resource>*any</Resource>
    </Resources>
    <Actions>
        <Action>stop</Action>
        <Action>start</Action>
    </Actions>
</Policy>

Development

<Policy type="Project">
    <Subjects>		    
        <Role>developer</Role>
    </Subjects>
    <Resources>		    
        <Resource>DevWorkspace</Resource>
    </Resources>
    <Actions>			
        <Action>read</Action>			
        <Action>write</Action>
        <Action>start</Action>
        <Action>stop</Action>
    </Actions>
</Policy>

Business User

<Policy type="Project">
    <Subjects>		    
        <Role>businessuser</Role>
    </Subjects>
    <Resources>		    
        <Resource>Workspace1/Project1/vwapTrades</Resource>
    </Resources>
    <Actions>			
        <Action>read</Action>			
    </Actions>
</Policy>

Support User

<Policy type="Project">
    <Subjects>		    
        <Role>support</Role>
    </Subjects>
    <Resources>		    
        <Resource>*any*</Resource>
    </Resources>
    <Actions>			
        <Action>read</Action>			
    </Actions>
</Policy>

Auditor

<Policy type="Project">
    <Subjects>		    
        <Role>audit</Role>
    </Subjects>
    <Resources>		    
        <Resource>*any*</Resource>
    </Resources>
    <Actions>			
        <Action>read</Action>			
    </Actions>
</Policy>

Customization

<Policy type="Project">
    <Subjects>		    
        <Role>customization</Role>
    </Subjects>
    <Resources>		    
        <Resource>*any*</Resource>
    </Resources>
    <Actions>			
        <Action>start</Action>			
        <Action>stop</Action>			
    </Actions>
</Policy>