Policy Definition Portlet

From Gcube Wiki
Jump to: navigation, search


Introduction

The Policy Definition Portlet allows to define, modify and remove authorization policies for services and roles. It communicates with the Policy Administration Points of our Policy Managers.

Services and Policies Lists

The first screen of the Portlet is a list of the services whose policies the logged user is able to define or manage.

PDPServiceList.png

To show the list of the policy related to a service, the user should select the service and click on the Show Policies button, on the bottom-right side of the screen:

PDPServiceSelected.png

The Policies List is shown by a popup window:

PDPPoliciesList.png

The Policies List Popup provides three functionalities:

  • Create Policy
  • Modify Policy
  • Remove Policy

Create new Policy

If the user clicks on Create Policy button, the creation policy popup is shown:

PDPPolicyCreation.png

the popup contains two combos:

  • by the Policy Type combo it is possible to choose between Role based Policies or Service based Policies
  • the second combo label depends on the first combo choice: for Role based Policies a list of roles is shown, otherwise a list of services

There is also an optional field called Operation that provides the possibility to limit the defined policy to a particular operation: if it is left blank the policy will be applied to all the possible operations. If the permit check box is checked the policy will be a permit policy, otherwise a deny policy.

After the policy has been defined the user should click on Create to upload it to the PAP. The Portlet will show a confirmation popup and, if the operation is confirmed, the final result:


PDPPolicyOk.png

Modify Policy

To modify a Policy the user should select it from the Policies List and click on Modify Policy button. The only modification allowed on a Policy is to switch from permit to deny and vice versa. The Policy Modification Popup is similar to the Policy Creation Popup, but the only modifiable field is the permit check box:

PDPPolicyModification.png

If the user clicks on Update button a confirmation popup is shown and, if the operation is confirmed, the result is shown in another popup.

Remove Policy

To remove a Policy the user should select the policy and click on Remove Policy button. The operation should be confirmed and, after the completion, a popup with the result is shown:


PDPRemovePolicy.png