Creating Policies
This section describes steps to create standard policies using the CTE API. Standard policies have security and key rule requirements, as described below. Refer to Creating Keys for details.
Creating Standard Policies
A Standard policy contains security rules, key rules, or both. At least one rule of either type must be added to the policy.
The security rules define access permissions based on the policy elements (user sets, resource sets, and process sets). The key rules define which key is used to encrypt and decrypt data.
In the security rule of the following sample:
All users in the user set "Sample_User_Set1" have read/write access on the processes in the process set "Sample_Process_Set1" and resources in the resource set "Sample_Resource_Set1".
When a user of "Sample_User_Set1" performs any operation, the policy with the key "Sample_StandardPolicyKey" is applied.
Note
CTE UserSpace does not support security rules with process sets or user sets for Block Devices. Refer to Sample Policy for Block Devices.
API
/v1/transparent-encryption/policies/
Sample
{
    "never_deny": false,
    "security_rules": [
        {
            "process_set_id": "Sample_Process_Set1",
            "resource_set_id": "Sample_Resource_Set1",
            "user_set_id": "Sample_User_Set1",
            "exclude_user_set": false,
            "exclude_resource_set": false,
            "exclude_process_set": false,
            "partial_match": true,
            "action": "read,write",
            "effect": "permit,audit,applykey"
        },
        {
            "process_set_id": "",
            "resource_set_id": "",
            "user_set_id": "",
            "exclude_user_set": false,
            "exclude_resource_set": false,
            "exclude_process_set": false,
            "partial_match": true,
            "action": "all_ops",
            "effect": "deny,audit"
        }
    ],
    "policy_type": "Standard",
    "key_rules": [
        {
            "key_id": "Sample_StandardPolicyKey"
        }
    ],
    "name": "Sample_Standard_Policy",
    "description": "This is a sample for a Standard policy."
}
Sample Policy for Block Devices
{
    "never_deny": false,
    "security_rules": [
        {
            "resource_set_id": "Sample_Resource_Set1",
            "exclude_resource_set": false,
            "partial_match": true,
            "action": "read,write",
            "effect": "permit,audit,applykey"
        },
        {
            "partial_match": true,
            "action": "all_ops",
            "effect": "deny,audit"
        }
    ],
    "policy_type": "Standard",
    "key_rules": [
        {
            "key_id": "Sample_StandardPolicyKey"
        }
    ],
    "name": "Sample_Standard_Policy_for_Block_Device",
    "description": "Sample Standard policy for Block Devices."
}
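The following pre-submission check is an added example, not part of the CTE API or the original documentation. It lints a Standard policy body against the two constraints stated above (at least one security or key rule; no user or process sets for Block Devices) and against two assumptions: that an applykey effect needs a key rule, and that the last rule should be a catch-all deny as in both samples. The function name lint_standard_policy and its block_device parameter are hypothetical.

```python
import json

# Constructed input: the page's block-device sample with a user set wrongly added.
SAMPLE = json.loads("""
{
  "never_deny": false,
  "security_rules": [
    {"resource_set_id": "Sample_Resource_Set1", "user_set_id": "Sample_User_Set1",
     "partial_match": true, "action": "read,write", "effect": "permit,audit,applykey"},
    {"partial_match": true, "action": "all_ops", "effect": "deny,audit"}
  ],
  "policy_type": "Standard",
  "key_rules": [{"key_id": "Sample_StandardPolicyKey"}],
  "name": "Sample_Standard_Policy_for_Block_Device"
}
""")

SET_FIELDS = ("user_set_id", "process_set_id", "resource_set_id")

def effects(rule):
    """Split the comma-separated effect string into a set of tokens."""
    return {e.strip() for e in rule.get("effect", "").split(",") if e.strip()}

def lint_standard_policy(policy, block_device=False):
    """Return a list of findings for a Standard policy body (hypothetical helper)."""
    findings = []
    rules = policy.get("security_rules") or []
    keys = policy.get("key_rules") or []
    if not rules and not keys:
        findings.append("policy has neither security rules nor key rules")
    for i, rule in enumerate(rules):
        if block_device:
            for field in ("user_set_id", "process_set_id"):
                if rule.get(field):
                    findings.append(f"rule {i}: {field} not supported for Block Devices")
        # Assumption (not stated on the page): applykey needs a key rule to name the key.
        if "applykey" in effects(rule) and not keys:
            findings.append(f"rule {i}: applykey used but no key_rules defined")
    # Convention taken from the page's samples: the final rule denies everything else.
    if rules:
        last = rules[-1]
        catch_all = not any(last.get(f) for f in SET_FIELDS)
        if not (catch_all and last.get("action") == "all_ops" and "deny" in effects(last)):
            findings.append("last rule is not a catch-all deny rule")
    return findings

if __name__ == "__main__":
    for finding in lint_standard_policy(SAMPLE, block_device=True):
        print(finding)
```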