πŸ“„ Configure and Manage Policies

Configure and Manage Policies

This article explains how to configure and manage Policies.


Requirements

Make sure that New Feature - Authorization Framework is installed in the Upgrade Center.

Basic knowledge of how to navigate Policies is required.


Add Policies

Policy List

When you open the Access Policy page, you will see the list of Policies and their details.

The following fields must be completed to add a new Policy:

Field
Character Limit
Character Types
Policy Name
Up to 250 characters

Allows most characters, except for restricted characters.

Policy Names must be unique.
Description
Up to 1000 characters
Allows most characters, except for restricted characters.
❌

Restricted characters include:

  • \ (Backslash)
  • / (Slash)
  • : (Colon)
  • * (Asterisk)
  • ? (Question mark)
  • " (Quotation mark)
  • < (Less-than sign)
  • > (Greater-than sign)
  • | (Vertical bar)


You define the Permissions for the Policy in the Permissions section.

A Permission has four key parameters:

  • Tool: The area or module within Strato where the intended permission is implemented.
  • Actions: The type of operations allowed or denied on the selected objects. You can switch between Allow or Deny by clicking the Switch button.
  • Objects: Entities or resources within the chosen tool to which the permission is applied. You can select specific Data Objects from the selected Types of Objects.
  • Targets: Defines who or where a permission applies. It has two components:
    • Target Population: Specifies the users that will be affected by the Policy using conditional statements.

    • You can create condition groups where you can define which User Properties to check (for example, Country Code), how to compare it (for example, Equals), and values to compare it to (for example, AU). These values can be static, or dynamically fetched from a specific User Property of the logged-in user. You can string multiple conditions and condition groups together.


    • πŸ’‘

      Depending on the method of comparison, the value field may not be shown.


    • Target View: Specifies the screen or interface where the Policy is enforced. For example, a manager can only upload documents on behalf of their employees in the Storage Deck.

An easy way to remember Permissions is to read it as a single sentence from top to bottom:

On this tool, what can we or cannot do to these objects and for whom?
πŸ’‘

Depending on the selected tool, some parameters may not be shown when defining Permissions.


You can add more Permissions to a Policy by clicking the Add Additional Permissions button on the lower left. You can also remove a Permission from a Policy by clicking the Delete icon.


Edit Policies

You can edit a Policy by clicking the More button, and then Edit. This will redirect you to the Edit Policy page.

The same fields from the New Policy page can also be edited in Edit Policy.


Clone Policies

You can clone a Policy by clicking the More button, and then Clone. This will redirect you to the Clone Policy page.

The new Policy will inherit all details of the source Policy. From here, you can edit the details like you would in New or Edit Policy.


Delete Policies

You can delete a Policy by clicking the More button, and then Delete. A prompt will appear, asking if you want to delete the selected Policy.


Continue Setting Up

After you create Policies, it is recommended that you create and manage Groups to assign those Policies to the relevant users.


Related articles