Skip to main content

Create the Entitlements Policy

This section describes how to create an Entitlements policy.

Install the Styra DAS Docker Containers

After creating a new Entitlements System, the Styra DAS UI displays the Install page. You can also find the installation instructions under Your System > Settings > Install. This page gives instructions to download the requirements and enforce policies on your computer (or your CI/CD pipeline).

To install the Styra DAS Docker Containers:

  1. On the Install page, select Entitlements Playground.
  2. Run the installation commands your terminal to install the Styra DAS Docker containers.
  3. Verify the expected output on your terminal.

Keep the terminal window open and return to your web browser. This tutorial uses both.

Add Rules

You can add rules using the Entitlements Playground or through the Styra DAS UI.

Use the Entitlements Playground

To add a rule using the Entitlements Playground, Navigate to Your System > Policy > rules.rego. You must delete those rules if you have already added rules during the Quick Start.

In your web browser, open a new tab and enter the local host URL to see the Entitlements playground.

note

This web application is running inside the Docker container that you launched earlier, and allows you to experiment with policies as you create them.

Enter a simple request.

  1. In Action: Enter GET.
  2. In Resource: Enter /cars.
  3. Click the Submit button.

The expected result is to have all cars listed and accessible to every user.

Using the Styra DAS UI

Add a rule using the Styra DAS UI to create a policy allowing all requests.

  1. Click on the Add rule button.
  2. Search and click on the Generic Allow/Deny Rule.
  3. Click on the Enforce button at the top of the rule card to enable it.
  4. Click on the Publish button to publish your changes.

View Results in Entitlements Playground

After you publish a rule, view your results in the Entitlement Playground.

  1. Navigate to your Entitlements Playground tab and wait for it to receive the bundle update. The Last Bundle Update section displays when the last bundle update was received. The bundle update is displayed within 60-90 seconds of clicking the Publish button.
  2. Click Submit to see your results.

You will see the following results on your Entitlements Playground:

  • The request is displayed as allowed (Allowed:true) rather than denied.
  • The enforced field in the result now contains an object with allowed set to true and the message Request was matched object was generated by the Generic Allow/Deny Rule.

Add a Rule for a Specific Request

The above rule allows any request. You can add a rule for a specific request using the following instructions.

To add a rule that accesses only /cars:

  1. Navigate to the Styra DAS UI.
  2. Select the filter icon located in the top-right of the card.
  3. Switch ON the Actions and Resources toggles.
  4. Fill in the following fields:
    • actions: Enter GET.
    • resources: Enter /cars.
  5. Click Publish to publish your changes.
  6. Return to the Entitlements playground and click Submit again. The request should still be allowed.
  7. Change the entries in the following fields and click Submit again. This request should be denied.
    • actions: Enter POST.
    • resources: Enter /cars.