Policy Authoring

ENTERPRISE

Policy authoring with Custom systems allows you to write any Rego you want. For more information on how to use Rego, see the Open Policy Agent website. Styra expects that you are familiar with the Rego concepts of packages and the rules they contain.

The Styra DAS Custom system gives you nearly the same flexibility as OPA when it comes to organizing your policies. These packages enable you and your teams to reuse code, collaborate, and delegate decisions across teams. It also allows you to use a single DAS system to address many policy enforcement use cases.

Within a DAS Custom system, you can organize your Rego policies and JSON data into a hierarchy. For example, you can put your Rego policies into files with a .rego extension (also called Rego modules), and put your JSON data into a DAS data source.

For example, you may have a single file that declares a number of rules inside the package common.

package common

user_is_authenticated { ... }
user_is_admin { ... }

Now, you can create a second file that uses the code within the first file, similar to the way you work with OPA.

package api.retail

import data.common

allow { common.user_is_authenticated }
...

There are some limitations on which packages you can create or edit in a DAS Custom system, but you can create any package structure that you want, and extend the pre-built packages. In contrast, you must comply with the specific package names and file locations in the pre-built DAS system-types.