This utility automates the creation of PDP policies.
You will need the following to use the PDP utility:
- Access Token with access to the customer instance and DataSets.
- The name or ID of the ‘config’ DataSet. This is the DataSet that contains the values to create the polices. This is typically a user email and values.
- The user name or group name. Multiples are separated by the pipe ‘|’ character.
- The comparison ‘value’ in a policy, separated each value with the pipe ‘|’ character.
- Currently only the ‘Equals’ operator is supported.
- If you want email notifications on successes & errors, place a properties file in the same directory as the jar.
- This file is auto-generated on a successful login. Once you have logged in successfully, you can run the utility headless.
The following is an example of the configuration DataSet.
- target_ds – The name or ID of the DataSet where you want to create the policies.
- policy_name – The human readable policy name.
- All – Delete all existing PDP policies before creating any new ones.
- Matches – Only delete the PDP policies that match by name.
- None – Do not delete any of the existing PDP policies.
- Update – Update the PDP policies that match by name, create new PDP policies that are not in the existing list & delete any orphaned policies.
- policy_column – The column name that the filter will be created on.
- user_group – The user name or group name. Multiples are separated by the pipe ‘|’ character.
- value – The value in the filter. Multiples are separated by the pipe ‘|’ character.
To add multiple filters, set the ‘policy_name’ & ‘user_group’ to the same values. Pink highlight.
The utility supports multiple target DataSet in the ‘target_ds’ column. Red & Green highlights.
To add users/groups to the ‘default’ policy set the ‘policy_column’ & ‘value’ to “All Rows". Purple highlight.
Running the PDP Utility
The PDP Utility can be run in one of two modes: standalone GUI or Command Line.
This is a wizard like interface that will walk you through the creation of the PDP Policies. Double click the PDP.jar or execute from the command line with no params.
java -Xmx1024m -jar PDP_2.0.jar
This is a headless utility that can be scripted. Once you have logged in successfully, you can run the utility headless.
java -Xmx1024m -jar PDP_2.0.jar <domain> <config_ds>
<domain> : The customer instance
<config_ds> : The name or ID of the ‘config’ dataset. This is the dataset that contains the key value pairs to create the polices. This is typically a user email and a value.