Policy Introduction Policy Syntax Working with Policies Identifying Resources Granting Permissions Default Policies Policy Authoring Tutorial Policy Examples Policy Simulation Global Claims Policy Variables Policy Data Tutorial

Service Policy Examples

This section provides policy examples for service creation and binding.

Service permissions

The following policy establishes permissions for services resources:

service::/ {
  if (permit == all) {
    permit create, read, update, delete
    permit bind
  }
}

Service policy example 1

Policy on services is a two-way handshake. Both the service and the job must permit the binding.

For example:

service::/sandbox/tom {
    if (job fqnMatch "job::/sandbox/tom") {
        permit bind
    }
}

job::/sandbox/tom {
    if (service fqnMatch "service::/sandbox/tom") {
        permit bind
    }
}

Service policy example 2

The following policy block gives tom all controls on the service::/sandbox/tom realm and all descendant realms.

service::/sandbox/tom {
  if (auth_server@apcera.me->name == "tom") {
    permit all
  }
  if (permit == "all") {
    permit create, read, update, delete
    permit bind
  }
  if (permit == "all" && job fqnMatch "job::/sandbox/tom") {
    permit bind
  }
}

The last rule indicates that jobs in the realm job::/sandbox/tom can bind to services in the service::/sandbox/tom realm.

intro

Getting Started

Working with Jobs

Staging and Packages

Routes

Networks

Connecting Services

Policy and Governance

Developer Tutorials

API Documentation

Installing Apcera Platform

Configuring Apcera Platform

Operations

Reference Information

Service Policy Examples

Service permissions

Service policy example 1

Service policy example 2