Using the Policy Simulator
    • 23 Oct 2024

    Accessing the Simulator

    SaaS Access

    Visit simulator.operations-ext.plainid.cloud/app

    Policy Simulator Local PAA Installation

    To install the Simulator locally on your PAA, contact PlainID support at support@plainid.com.

    Running the Simulator

    Basic Configuration

    1. In the left pane, choose a Response Type.

      • "Asset Resolution": Provides a list of allowed assets and actions for a specific user/application.
      • "Policy Resolution": Returns the logical filtering of data or allowed data items for the user.
        • An additional field should be defined to support Query view.
    2. Fill out the input fields.
      You can access additional information by filling out the fields in the Advanced dropdown.

      • JWT: Allows users to get Identity information from JWT. Users can also use the JWT to specify their Identity Template.
      • UID: The User's unique identity.
      • Identity Template ID: Specifies the Identity the user is connected to. This is required when there are multiple Identity Templates within your Environment.
    3. Click on Run Report.

    When making a request for Policy Resolution, you need to include an extra field for Query view - the Fully Qualified Table Name. This field should be aligned with the name of the data type Asset template used for data access. This will enable you to visually demonstrate how the original SQL query will be modified based on the Policies in place.

    Advanced Configuration

    Additional options for parameter inputs:

    • Identity Context: Pass identity context data for the request.
    • Identity Attributes: Add identity attributes to support dynamic group calculation or attribute-based conditions.
    • Asset Context: Filter access responses based on the defined Asset Context. Policies unrelated to the provided Asset are excluded during the calculation process. For more information, check out our article on Working with assetContext.
    • Environmental Data: Pass information required for requests, asset rules, and request conditions.
    • "Time Zone" and "Date and Time" for timestamp definition in request calculations.
    • IP: Passed in the request for IP-based condition calculation.

    Reviewing Authorization Responses

    In "Asset Resolution" response types, you can access:

    • Identity information from the request.
    • Permitted assets, associated Actions, asset IDs, Templates, Attribute lists, and granting Policies.
    • Lists of all Policies granted to the Identity.

    Click Request to view the Authorization request sent to the PDP, which can be useful for custom code or testing with Postman.

    Click Response to view the JSON response as calculated by the PDP.

