Policy Service

Service to manage access control policies for TSB resources

Policy

The Policy service provides methods to configure the access control policies for TSB resources.

All TSB resources have one and exactly one policy document that configures access for it. When resources are created, a default policy is attached to the resource, assigning administration privileges on the resource to the user that created it.

GetPolicy

rpc GetPolicy (tetrateio.api.tsb.rbac.v2.GetPolicyRequest) returns (tetrateio.api.tsb.rbac.v2.AccessPolicy)

Get the access policy for the given resource.

SetPolicy

rpc SetPolicy (tetrateio.api.tsb.rbac.v2.AccessPolicy) returns (google.protobuf.Empty)

Set the access policy for the given resource.

GetRootPolicy

rpc GetRootPolicy (tetrateio.api.tsb.rbac.v2.GetAdminPolicyRequest) returns (tetrateio.api.tsb.rbac.v2.AccessPolicy)

Requires SET_POLICY

Get the root access policy. The root access policy configures global permissions for the platform. Subjects assigned to a root policy will be granted the permissions described in the policy to all objects ion TSB.

SetRootPolicy

rpc SetRootPolicy (tetrateio.api.tsb.rbac.v2.AccessPolicy) returns (google.protobuf.Empty)

Requires SET_POLICY

Set the root access policy. The root access policy configures global permissions for the platform. Subjects assigned to a root policy will be granted the permissions described in the policy to all objects ion TSB.

GetRBACPolicy

rpc GetRBACPolicy (tetrateio.api.tsb.rbac.v2.GetAdminPolicyRequest) returns (tetrateio.api.tsb.rbac.v2.AccessPolicy)

Requires SET_POLICY

Get the global RBAC access policy. The global RBAC access policy configures who can manage the Role objects in TSB.

SetRBACPolicy

rpc SetRBACPolicy (tetrateio.api.tsb.rbac.v2.AccessPolicy) returns (google.protobuf.Empty)

Requires SET_POLICY

Set the global RBAC access policy. The global RBAC access policy configures who can manage the Role objects in TSB.

AccessPolicy

Policy

A policy defines the set of subjects that can access a resource and under which conditions that access is granted.

Field Description Validation Rule

allow

List of tetrateio.api.tsb.rbac.v2.Binding
The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

GetPolicyRequest

Request to get the access policy for a resource.

Field Description Validation Rule

fqn

string
REQUIRED
Fully-qualified name of the policy.

string = {
  min_len: 1
}