Skip to main content
Version: 1.6.x

Policy Service

Policy

The Policy service provides methods to configure the access control policies for TSB resources.

All TSB resources have one and exactly one policy document that configures access for it. When resources are created, a default policy is attached to the resource, assigning administration privileges on the resource to the user that created it.

GetPolicy

rpc GetPolicy (tetrateio.api.tsb.rbac.v2.GetPolicyRequest) returns (tetrateio.api.tsb.rbac.v2.AccessPolicy)

Get the access policy for the given resource.

SetPolicy

rpc SetPolicy (tetrateio.api.tsb.rbac.v2.AccessPolicy) returns (google.protobuf.Empty)

Set the access policy for the given resource.

GetRootPolicy

rpc GetRootPolicy (tetrateio.api.tsb.rbac.v2.GetAdminPolicyRequest) returns (tetrateio.api.tsb.rbac.v2.AccessPolicy)

Requires SetPolicyRootPolicy

Get the root access policy. The root access policy configures global permissions for the platform. Subjects assigned to a root policy will be granted the permissions described in the policy to all objects ion TSB.

SetRootPolicy

rpc SetRootPolicy (tetrateio.api.tsb.rbac.v2.AccessPolicy) returns (google.protobuf.Empty)

Requires SetPolicyRootPolicy

Set the root access policy. The root access policy configures global permissions for the platform. Subjects assigned to a root policy will be granted the permissions described in the policy to all objects ion TSB.

GetRBACPolicy

rpc GetRBACPolicy (tetrateio.api.tsb.rbac.v2.GetAdminPolicyRequest) returns (tetrateio.api.tsb.rbac.v2.AccessPolicy)

Requires SetPolicyRbacPolicy

Get the global RBAC access policy. The global RBAC access policy configures who can manage the Role objects in TSB.

SetRBACPolicy

rpc SetRBACPolicy (tetrateio.api.tsb.rbac.v2.AccessPolicy) returns (google.protobuf.Empty)

Requires SetPolicyRbacPolicy

Set the global RBAC access policy. The global RBAC access policy configures who can manage the Role objects in TSB.

AccessPolicy

Policy

A policy defines the set of subjects that can access a resource and under which conditions that access is granted.

FieldDescriptionValidation Rule

allow

List of tetrateio.api.tsb.rbac.v2.Binding
The list of allowed bindings configures the different access profiles that are allowed on the resource configured by the policy.

GetAdminPolicyRequest

Request to get the root access policy or the global RBAC access policy.

NameNumberDescription

GetPolicyRequest

Request to get the access policy for a resource.

FieldDescriptionValidation Rule

fqn

string
REQUIRED
Fully-qualified name of the policy.

string = {
  min_len: 1
}