search

Policies

"Policies" in our accelerator product refers to the predefined rules and guidelines that govern the behavior and access control of users, objects, and resources within the system. These policies define the permissions, restrictions, and conditions that determine how users can interact with the platform and its components.

hashtag
Policies Data Model

Name
Data Type
Description

_id

ObjectId

System-generated unique identifier assigned to each role.

_createdAt

Date

System-generated timestamp that denotes the date and time when a policy was created.

_createdBy

String

System-generated field that indicates the account who created.

_modifiedAt

Date

System-generated generated timestamp that denotes the date and time when a policy was modified.

_modifiedBy

String

System-generated field that indicates the account who modified.

name

String

Represents the name of the policy in the system.

label

String

Represents the label of the policy in the system.

description

String

Represents the description of the policy in the system.

version

String

Represents the version of the policy in the system.

type

String

Represents the type of the policy in the system. Currently we have a "ObjectControl" type in the system.

org

String

Represents the organization associated with the policy in the system.

object

String

Represents the role/object associated with the policy in the system.

fields

ObjectArray

Represents the definition of all the columns associated with the policy in the system.

fields.read

Array

Represents the list of readable columns associated with the policy in the system.

fields.write

Array

Represents the list of writeable columns associated with the policy in the system.

condition

Object

Represents the list conditions associated with the policy in the system.

condition.stringEquals

Object

Represents the condition which will be applied to the policy in the system.

hashtag
Example Policies

hashtag
Create a Policy

post

Sample request:

POST api/v1/CreatePolicy
{        
  "name": "PatientDataAccess",
  "label": "Patient Data Access",
  "description": "Policy to allow access to patient data",
  "version": "2023-01",
  "type": "ObjectControl",
  "object": "Patient",
  "fields": {
    "read": "*",
    "write": ["name", "address", "phone"]
  }, 
  "condition": {
    "stringEquals": {
      "email": "{{user.email}}"
    }
  }
}
Authorizations
AuthorizationstringRequired

Standard Authorization header using the Bearer scheme ("bearer {token}")

Body
namestringRequiredPattern: ^[a-zA-Z0-9_]*$
labelstring | nullableOptional
descriptionstring | nullableOptional
versionstringRequired
typestringRequired
objectstringRequired
Responses
chevron-right
200

Success

No content
post
/api/v1/CreatePolicy
No content

hashtag
Get all Policies

get
Authorizations
AuthorizationstringRequired

Standard Authorization header using the Bearer scheme ("bearer {token}")

Responses
chevron-right
200

Success

No content
get
/api/v1/GetPolicies
No content

hashtag
Get a Policy

get
Authorizations
AuthorizationstringRequired

Standard Authorization header using the Bearer scheme ("bearer {token}")

Path parameters
idstringRequired
Responses
chevron-right
200

Success

No content
get
/api/v1/GetPolicy/{id}
No content
PreviousRolesNextObjects

Last updated