Solution Designer has been deprecated in favor of Opus Solution Environment (OSE).

Develop policies

A solution's policies define granular access to apps at the API endpoint level. Policies can reference permissions, which allow Solution Developers to make the policy active at the user level, rather than at the app level. For example, policies can restrict access to data associated with a specific target market using an expression that compares attributes in the data model against specific values and associates the policy with a permission.

Because policies can restrict access at a granular level, test custom policies thoroughly to ensure that the policies do not inadvertently remove essential access to data. Contact TraceLink Support for assistance as needed.

Select policies for the solution

Policies are one of the assets that solutions use, which means that they are added independently of a solution and can be reused across many solutions. Apply a policy to an app's enforcement points or associate a policy with a permission to determine which policies are active for users.

Policies and permissions are always shared across all solutions within an environment, even if the solutions are for different apps (i.e. all solutions in the environment use all policies and permissions in the environment, and Solution Developers do not specify which policies and permissions a solution uses). However, the enforcement points that a policy is applied to are specific within a solution. For example, Policy X can be applied to enforcement points H, I, and J within Solution A, and enforcement points K, L, and M within Solution B, though the policy's logic is shared across both solutions.

Apply a policy to an app's enforcement points, which are the gateways to various parts of an API, to use the policy with the solution's app. When a policy is applied to an enforcement point, the policy is active for all users that interact with the app, regardless of their role.

  1. Select Customize in the side menu.
  2. Select Solutions.
  3. Select the Application with the solutions to view.
  4. Select the Action icon for the solution on the Installed Solutions tab.
  5. Select Edit.
  6. Select Policy.

    Select Show Studios if the Policy tab does not display.

  7. Filter for the policy from the Policies tab.
  8. Select the Action icon for the policy to apply to the enforcement points to.
  9. Select Assign Enforcement Points.
  10. Select the enforcement points to apply the policy to.

    Tips:

    • Enter a Keyword to search for a specific enforcement point.
    • Select All enforcement points to apply the policy to all of the app's enforcement points.
    • Each enforcement point can have only one policy applied to it at a time.
  11. Select Assign.

    The policy is applied to the selected enforcement points.

  1. Select Customize in the side menu.
  2. Select Solutions.
  3. Select the Application with the solutions to view.
  4. Select the Action icon for the solution on the Installed Solutions tab.
  5. Select Edit.
  6. Select Policy.

    Select Show Studios if the Policy tab does not display.

  7. Filter for the policy to revoke the enforcement points from on the Policies tab.
  8. Select the Action icon for the policy.
  9. Select Revoke Enforcement Points.
  10. Select the enforcement points to revoke.

    Tips:

    • Enter a Keyword to search for a specific enforcement point.
    • Select All enforcement points to revoke all of the app's currently applied enforcement points.
  11. Select Revoke.

    The selected enforcement points are revoked from the policy.

Add custom policies and permissions

  1. Select Customize in the side menu.
  2. Select Solutions.
  3. Select the Application with the solutions to view.
  4. Select the Action icon for the solution on the Installed Solutions tab.
  5. Select Edit.
  6. Select Policy.

    Select Show Studios if the Policy tab does not display.

  7. Select Permissions.
  8. Select the Add Permission icon.
  9. Fill in the fields in the New Permission panel:
    • Permission Name field – Required. The identifying name for the permission, which must be unique across all permissions in the environment. Solution Developers associate the permission to a policy by referencing the Permission Name in the policy's Expression.
    • Display Label field – Required. The name that displays in the Web UI for the permission (e.g. in the Permissions section of the Role tab).
  10. Select Add.

    The permission is added and available to use in all solutions in the environment.

  1. Select Customize in the side menu.
  2. Select Solutions.
  3. Select the Application with the solutions to view.
  4. Select the Action icon for the solution on the Installed Solutions tab.
  5. Select Edit.
  6. Select Policy.

    Select Show Studios if the Policy tab does not display.

  7. Filter for the policy to modify.
  8. Select the Action icon for the policy, which must have a Type of Custom.

  9. Select Remove.

  10. Select Remove in the confirmation dialog.

    The custom policy is removed from the environment.

  1. Select Customize in the side menu.
  2. Select Solutions.
  3. Select the Application with the solutions to view.
  4. Select the Action icon for the solution on the Installed Solutions tab.
  5. Select Edit.
  6. Select Policy.

    Select Show Studios if the Policy tab does not display.

  7. Select Permissions.
  8. Filter for the permission to remove.
  9. Select the Action icon for the permission.

  10. Select Remove.

  11. Select Remove in the confirmation dialog.

    The custom permission is removed from the environment.

Modify policies and permissions

  1. Select Customize in the side menu.
  2. Select Solutions.
  3. Select the Application with the solutions to view.
  4. Select the Action icon for the solution on the Installed Solutions tab.
  5. Select Edit.
  6. Select Policy.

    Select Show Studios if the Policy tab does not display.

  7. Select Permissions.
  8. Filter for the permission to modify.
  9. Select the Action icon for the permission.

  10. Select Edit.

  11. Fill in the following fields in the Edit Permission panel:
    • Permission Name field – Required. The identifying name for the permission, which must be unique across all permissions in the environment. Solution Developers associate the permission to a policy by referencing the Permission Name in the policy's Expression.
    • Display Label field – Required. The name that displays in the Web UI for the permission (e.g. in the Permissions section of the Role tab).
  12. Select Save.

Associate a policy with a permission, which can be selected when defining roles for the solution. When a policy is associated with a permission, and the permission is selected for a role, the policy is active only for users that have that role assigned.

  1. Select Customize in the side menu.
  2. Select Solutions.
  3. Select the Application with the solutions to view.
  4. Select the Action icon for the solution on the Installed Solutions tab.
  5. Select Edit.
  6. Select Policy.

    Select Show Studios if the Policy tab does not display.

  7. Filter for the policy to associate with the permission on the Policies tab.
  8. Select the Action icon for the policy, which must have a Type of Custom.
  9. Select Edit Policy.
  10. Edit the policy's Expression to associate the policy with the appropriate permission.

    Rego is the declarative language used to define Open Policy Agent policies. See the Open Policy Agent website for information.

  11. Select Save.

    The policy is associated with the permission.

  1. Select Customize in the side menu.
  2. Select Solutions.
  3. Select the Application with the solutions to view.
  4. Select the Action icon for the solution on the Installed Solutions tab.
  5. Select Edit.
  6. Select Policy.

    Select Show Studios if the Policy tab does not display.

  7. Filter for the policy from the Policies tab.
  8. Select the Action icon for the policy to view enforcement points for.
  9. Select View Enforcement Points.
    All enforcement points that the policy is currently applied to are listed.

Tips: