Creating Policy Elements
Policy rule criteria consist of resource sets, user sets, signature sets, process sets, action, and effect, and are called policy elements. These elements should exist on the CipherTrust Data Security Platform Service before you can use them in security policies. This section describes steps to create policy elements using the CTE API.
Click the following tabs for details on policy elements.
Creating User Sets
-
The
name
field is mandatory for creating a user set. -
Any number of users can be added to a single user set.
-
Add users by specifying
uname
,gname
,uid
, orgid
.
The following sample creates a user set, UserSet1
having two users, user1
and user2
.
API
/v1/transparent-encryption/usersets
Sample
{
"name": UserSet1,
"users": [
{
"gid": 1001,
"gname": "user1",
"os_domain": "Linux",
"uid": 1001,
"uname": "user1"
},
{
"gid": 1002,
"gname": "user2",
"os_domain": "Linux",
"uid": 1002,
"uname": "user2"
}
]
}
Creating Resource Sets
-
The
name
field is mandatory for creating a resource set. -
The
type
field determines the type of the resource set. The type can beDirectory
orClassification
. The default type isDirectory
. -
Any number of resources can be added to a single resource set.
-
Add resources by specifying paths using
directory
and/orfile
fields. ForDirectory
type resource sets, you can specify whether to include subdirectories by usinginclude_subfolders
. Set totrue
to include subdirectories, set tofalse
to exclude. -
Set
hdfs
totrue
for an HDFS path.
The following samples create two resource sets, ResourceSet1
and ResourceSetHDFS1
of the type Directory
having two resources.
API
/v1/transparent-encryption/resourcesets
Sample
{
"name": "ResourceSet1",
"resources": [
{
"directory": "/home/test-user/dir1/,
"file": *.txt,
"include_subfolders": true
},
{
"directory": "/home/test-user/dir2/,
"file": *.bin,
"include_subfolders": true
}
],
"type": "Directory"
}
Sample (HDFS)
{
"name": "ResourceSetHDFS1",
"resources": [
{
"directory": "/home/test-user/dir3/,
"file": *.txt,
"include_subfolders": true,
"hdfs": true
},
{
"directory": "/home/test-user/dir4/,
"file": *.bin,
"include_subfolders": true,
"hdfs": true
}
],
"type": "Directory"
}
Creating Signature Sets
-
The
name
field is mandatory for creating a signature set. -
Any number of sources can be added to a single signature set.
The following sample creates a signature set, SignatureSet1
having a source_list
of two processes, /usr/bin
and /usr/sbin
.
API
/v1/transparent-encryption/signaturesets
Sample
{
"name": "SignatureSet1",
"source_list": [
"/usr/bin",
"/usr/sbin"
]
}
Creating Process Sets
-
The
name
field is mandatory for creating a process set. -
Any number of processes can be added to a single process set.
-
Add processes by specifying their details using
signature
,directory
, and/orfile
.
The following sample creates a process set, ProcessSet1
having two processes with their signature
, directory
, and process file
name.
API
/v1/transparent-encryption/processsets
Sample
{
"name": "ProcessSet1",
"processes": [
{
"signature": "SignatureSet1",
"directory": "/home/testUser",
"file": "*"
},
{
"signature": "SignatureSet2",
"directory": "/home/kyloTest",
"file": "kylo.bin"
}
]
}