This utility automates the creation of PDP policies.
You will need the following to use the PDP utility:
Access Token with access to the customer instance and DataSets.
The name or ID of the "config" DataSet. This is the DataSet containing the values to create the policies. This typically consists of a user email address and values, as follows:
The user name or group name. Separate multiple names using the pipe (|) character.
The comparison value in a policy. Separate multiple values using the pipe (|) character.
Currently only the "equals" operator is supported.
The application.properties file, which is auto-generated upon a successful login. Once you have logged in, you can run the utility headless.
If you want email notifications on successes and errors, place a properties file in the same directory as the .jar file, as follows:
The following is an example of the configuration DataSet. Your configuration DataSet schema should match exactly what is described below.
target_ds – The name or ID of the data source in which you want to create the policies.
policy_name – The human readable policy name.
policy_column – The column name that the filter will be created on.
user_group – The user name or group name. Separate multiple names using the pipe (|) character.
value – The value in the filter. Separate multiple values using the pipe (|) character.
The utility supports multiple target DataSets in the ‘target_ds’ column (shown in orange and brown in the preceding screenshot).
To add multiple filters, set the ‘policy_name’ and ‘user_group’ to the same values (shown in pink in the preceding screenshot).
To add users/groups to the ‘default’ policy, set the ‘policy_column’ & ‘value’ to All Rows (shown in dark blue in the preceding screenshot).
To add a dynamic policy, set the ‘policy_column’ and ‘value’ to the appropriate “Trusted Attribute” (shown in green in the preceding screenshot). You can get a list of “Trusted Attributes” in More > Admin > Governance > Trusted attributes.
To add a dynamic policy ignoring case, add :ignore_case to the end of the “Trusted Attribute” (shown in light blue in the preceding screenshot).
When there are duplicate policy names, the utility creates a single policy with multiple rules. If duplicate policy names exist on the dataset, they will all be replaced by a single policy.
Running the PDP Utility
The PDP Utility can be run in one of three modes: standalone GUI, Command Line or via a configuration file.
This is a wizard-like interface that walks you through the creation of the PDP Policies. Double-click the PDP.jar or execute from the command line with no parameters.
java -jar pdputil-3.1.0.jar
This is a headless utility that can be scripted. Once you have logged in once, you can run the utility headless.
java -jar pdputil-3.1.0.jar <domain> <config_ds>
<domain> : The customer instance.
<config_ds> : The name or ID of the "config" DataSet. This is the DataSet that contains the key value pairs to create the polices. This is typically a user email and a value.