Contents x
      Importing a Policy
      • 07 Apr 2024
      • 3 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Contents

      Importing a Policy

      • Updated on 07 Apr 2024
      • 3 Minutes to read
      • Print
      • Dark
        Light
      • PDF
      Article summary

      Importing a Policy in structured REGO (either from a Policy that was exported from an Environment, or a Policy written Structured Rego) is used to create a new Policy in an Environment or update an existing Policy, and promote Policies between Environments. Note that only valid Policies can be created successfully. The import process can be done in the Authorization Workspace or using the Import Policy API (as detailed in the PlainID Developer Portal).

      A Policy that was Inactive in the Environment from which it was exported, will, by default, be Active in the Environment where it is imported, if It is created for the first time. Updating an existing policy via import does not impact the policy State. If you wish to deactivate the Policy in the target Environment into which it was imported, see Managing Policies.

      Prerequisites

      The following objects need to be available in the target Environment to successfully import the code

      • Identity Templates in the target Environment with relevant Identity Attributes defined in the Identity Workspace Settings screen.
      • Asset Templates in the target Environment with associated Asset Attributes and Actions defined in the Asset Type Settings screen.

      The following objects need to be available in the target Environment for Policies created to be considered in the access decision

      • Asset Types used in Policy should be connected to an Application defined in the Applications area of the Authorization Workspace.
      • The relevant Application should be connected to a Scope defined in the Environment settings.


      Without these objects, the Policies can be successfully imported, but will not be considered as part of the Access decisions calculation.

      Note - These connections can be defined before or after importing the Policy.

      All Policies in the Authorization Platform Policy written in the Structured Rego language required by the Authorization Platform can be imported into the Platform. Once the code is validated and successfully imported, the Policies will appear in the Policy Catalog in the Authorization Workspace.


      Importing a New Policy

      When creating a new Policy by importing it, after the import, the Rego code appears in the Import Policy screen. In this window, you can review the code, correct the errors, and then create the Policy, as detailed below.

      To import Policy Code:
      1. In the Policy Catalog, click Import Policy Code. The Import Policy Code screen is displayed. 
      2. In this screen, you can import a .rego file in the following ways:
        • Drag and drop the Rego file into the box 
        • Browse to find and upload a Rego file
      3. * Download a Rego file sample to guide you in creating your own Policy (see below).
      4. After the file is imported, the .rego code is displayed and any errors are highlighted. If you need to edit the code, you can edit in the wizard screen. Alternatively, you can edit it and import it again. 
      5.  Click Validate as needed to check the code again. Any errors will be displayed. Correct the errors as needed and click Validate again. 
      6. When the code has been validated, click Create Policy.

      The Authorization Platform's Import Policy screen includes an option to download a sample structured Rego file to guide you in writing your own structured Rego Policies.

      To download a sample structured Rego file: 

      1. In the Authorization Workspace, click Import Policy Code. The Import Policy Code screen opens.
      2. Click Download File Sample. A sample .rego file is downloaded.

      The file shows the syntax of the structured Rego format used to build Policies. If you have a Policy in one Environment, you can also choose to export the Policy and then import it into a different Environment.

      Updating an Existing Policy

      If the Policy exists already, you are prompted to approve an update to the existing Policy. If you are updating an existing Policy, the process is similar to creating a new Policy, as detailed above. The major difference is that you will be prompted to confirm that you wish to replace the existing version with the uploaded version.

      As with a new Policy, if during the initial validation process errors are found, the Import Policy screen will highlight the errors in the file and list these errors in the lower part of the window. You can edit and correct the Policy within this screen based on the error messages you receive. 

      If you make any corrections, click Validate to parse the file again for any errors. 

      Once the file has been validated, click Update Policy.


      Was this article helpful?
      What's Next