Creating Policy Elements

Policy rule criteria consist of resource sets, user sets, signature sets, process sets, action, and effect, and are called policy elements. These elements should exist on the CipherTrust Manager before you can use them in security policies. This section describes steps to create policy elements using the CTE API.

The following sections give details on each policy element.

Creating User Sets

  • The name field is mandatory for creating a user set.

  • Any number of users can be added to a single user set.

  • Add users by specifying uname, gname, uid, or gid.

The following sample creates a user set, UserSet1, with two users, user1 and user2.

API

/v1/transparent-encryption/usersets

Sample

{
    "name": "UserSet1",
    "users": [
        {
            "gid": 1001,
            "gname": "user1",
            "os_domain": "Linux",
            "uid": 1001,
            "uname": "user1"
        },
        {
            "gid": 1002,
            "gname": "user2",
            "os_domain": "Linux",
            "uid": 1002,
            "uname": "user2"
        }
    ]
}

Creating Resource Sets

  • The name field is mandatory for creating a resource set.

  • The type field determines the type of the resource set. The type can be Directory or Classification. The default type is Directory.

  • Any number of resources can be added to a single resource set.

  • Add resources by specifying paths using directory and/or file fields. For Directory type resource sets, you can specify whether to include subdirectories by using include_subfolders. Set to true to include subdirectories, set to false to exclude.

  • Set hdfs to true for an HDFS path.

The following samples create two resource sets, ResourceSet1 and ResourceSetHDFS1, each of the type Directory and each having two resources.

API

/v1/transparent-encryption/resourcesets

Sample

{
    "name": "ResourceSet1",
    "resources": [
        {
            "directory": "/home/test-user/dir1/",
            "file": "*.txt",
            "include_subfolders": true
        },
        {
            "directory": "/home/test-user/dir2/",
            "file": "*.bin",
            "include_subfolders": true
        }
    ],
    "type": "Directory"
}

Sample (HDFS)

{
    "name": "ResourceSetHDFS1",
    "resources": [
        {
            "directory": "/home/test-user/dir3/",
            "file": "*.txt",
            "include_subfolders": true,
            "hdfs": true
        },
        {
            "directory": "/home/test-user/dir4/",
            "file": "*.bin",
            "include_subfolders": true,
            "hdfs": true
        }
    ],
    "type": "Directory"
}

Creating Signature Sets

  • The name field is mandatory for creating a signature set.

  • Any number of sources can be added to a single signature set.

The following sample creates a signature set, SignatureSet1, having a source_list of two processes, /usr/bin and /usr/sbin.

API

/v1/transparent-encryption/signaturesets

Sample

{
    "name": "SignatureSet1",   
    "source_list": [
        "/usr/bin",
        "/usr/sbin"
    ]
}

Creating Process Sets

  • The name field is mandatory for creating a process set.

  • Any number of processes can be added to a single process set.

  • Add processes by specifying their details using signature, directory, and/or file.

The following sample creates a process set, ProcessSet1, with two processes, each specified by its signature, directory, and process file name.

API

/v1/transparent-encryption/processsets

Sample

{
    "name": "ProcessSet1",
    "processes": [
        {
            "signature": "SignatureSet1",
            "directory": "/home/testUser",
            "file": "*"
        },
        {
            "signature": "SignatureSet2",
            "directory": "/home/kyloTest",
            "file": "kylo.bin"
        }
    ]
}
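
A pre-flight check for the request bodies described above, as an added example that is not part of the CTE API or the original documentation. The lint helper is hypothetical, and its rule that a process set's signature set should already exist is an assumption; the endpoint paths and field names are taken from the samples above.

```python
import json

BASE = "/v1/transparent-encryption/"          # endpoint prefix from the page
USER_KEYS = {"uname", "gname", "uid", "gid"}  # page: identify users by any of these
RESOURCE_TYPES = {"Directory", "Classification"}

def lint(endpoint, body, known_signature_sets=()):
    """Return a list of problems in one raw JSON request body (hypothetical helper)."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["body must be a JSON object"]
    problems = []
    if not isinstance(doc.get("name"), str) or not doc["name"]:
        problems.append("name is mandatory")
    kind = endpoint.rsplit("/", 1)[-1]
    if kind == "usersets":
        for i, user in enumerate(doc.get("users", [])):
            if not USER_KEYS & user.keys():
                problems.append(f"users[{i}]: needs uname, gname, uid, or gid")
    elif kind == "resourcesets":
        rtype = doc.get("type", "Directory")  # page: default type is Directory
        if rtype not in RESOURCE_TYPES:
            problems.append(f"type {rtype!r} is not Directory or Classification")
        for i, res in enumerate(doc.get("resources", [])):
            for flag in ("include_subfolders", "hdfs"):
                if flag in res and not isinstance(res[flag], bool):
                    problems.append(f"resources[{i}].{flag} must be true or false")
    elif kind == "processsets":
        for i, proc in enumerate(doc.get("processes", [])):
            sig = proc.get("signature")
            # Assumption: a referenced signature set should already exist.
            if sig and sig not in known_signature_sets:
                problems.append(f"processes[{i}]: signature set {sig!r} not created")
    return problems

# Constructed inputs: an unquoted name, and a body with the ProcessSet1 fields.
BAD_USER_SET = '{"name": UserSet1, "users": []}'
PROCESS_SET = json.dumps({"name": "ProcessSet1", "processes": [
    {"signature": "SignatureSet1", "directory": "/home/testUser", "file": "*"},
    {"signature": "SignatureSet2", "directory": "/home/kyloTest", "file": "kylo.bin"}]})

if __name__ == "__main__":
    print(lint(BASE + "usersets", BAD_USER_SET))
    print(lint(BASE + "processsets", PROCESS_SET, {"SignatureSet1"}))
```

Pass the names of the signature sets already created as known_signature_sets; an empty result means the body passed every check.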