Manage record access policies via the API

Most of the functionality that is available in the API is also available in the web app; however, some of the calls may provide more flexibility and data formats that can be used as needed.

Refer to the Skedulo Lens API Reference Guide for information on how to manage policies and rules via the API.

Record access policy endpoints

The /authorization/policies endpoint can be used for managing policies. The policy ID can be added as a parameter in the path to GET a specific policy or to update (PUT) or delete (DELETE) a specific policy.

If you want to work with rules independently from the policy, you can use /authorization/policies/rules in the same way, or use /authorization/policies/rules/resolved to request the rules that apply to the user making the request.

Policy templates can be queried using /authorization/policies/templates or applied to create a new policy using /authorization/policies/templates/{id}/apply.

The sections that follow summarize operations that can be performed via the API to manage record access policies and rules.

Request record access policy information via the API

| Operation | Endpoint | Description |
|---|---|---|
| GET | /authorization/policies/{id} | Returns a specific policy by ID. |
| GET | /authorization/policies | Returns all policies for the team. |
| GET | /authorization/policies/templates | Returns all policy templates that are available in the team. |
| GET | /authorization/policies/rules/{id} | Returns a specific rule by ID. |
| GET | /authorization/policies/rules | Returns all rules. The enabled parameter can be set to return only enabled or only disabled rules. The rule status is controlled by the status of the policy to which they belong. |
| GET | /authorization/policies/rules/resolved | Lists only the rules that apply to the current user. Note that users with the administrator role are exempt from record access policies and would, therefore, have no rules returned for this call. The rules applicable to a user also depend on a combination of the user's roles and the value of the permissionsExcluded and rolesExcluded attributes on each rule. |

Create policies and rules

| Operation | Endpoint | Description |
|---|---|---|
| POST | /authorization/policies/templates/{id}/apply | Create a new policy by applying a template with preconfigured rules |
| POST | /authorization/policies | Create a new policy without a template |
| POST | /authorization/policies/rules | Create a new rule |

Make changes to policies and rules

| Operation | Endpoint | Description |
|---|---|---|
| PUT | /authorization/policies/{id} | Update an existing policy |
| PUT | /authorization/policies/rules/{id} | Update an existing rule |

Delete policies and rules

| Operation | Endpoint | Description |
|---|---|---|
| DELETE | /authorization/policies/{id} | Deletes the policy specified by ID in the request |
| DELETE | /authorization/policies/rules/{id} | Deletes the rule specified by ID in the request |

Example: Use a record access policy template to create a policy and then make changes to customize it

Use a template to create a policy

  1. Use the /authorization/policies/templates endpoint to see what templates are available to use, including details of the rules that comprise them.
  2. Note the ID of the template to use as a basis for a new policy.
  3. Use the template ID to populate the {id} parameter in the POST request to the /authorization/policies/templates/{id}/apply endpoint. This creates a policy with the name, description, and rules of the template. The policy is enabled when created.

Customize the policy details

  • Use a PUT call to /authorization/policies/{id} to update the name, description, and status of the policy, as required. Note that this endpoint cannot be used to update the rules.

Customize the rules on a templated policy

A combination of adding new rules, changing existing rules, or deleting rules can be used to achieve the desired combination of rules to control access in the team.

  • Use a POST call to /authorization/policies/rules to add new rules, and the /authorization/policies/rules/{id} endpoint to change existing rules (PUT) or delete a rule (DELETE).
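The template workflow above as one scripted sequence, using the endpoints listed in the tables. This is an added example, not Skedulo's own code. The base URL placeholder, bearer-token header, JSON field names ("id", "name", "description") and response shapes are assumptions; take the real ones from the API reference.

```python
import json
import urllib.request
from urllib.parse import quote

BASE_URL = "https://api.example.invalid"  # placeholder, not a real host


def http_transport(token):
    """Return send(method, path, body) backed by urllib (assumed bearer auth)."""
    def send(method, path, body=None):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(BASE_URL + path, data=data, method=method)
        req.add_header("Authorization", "Bearer " + token)
        req.add_header("Content-Type", "application/json")
        with urllib.request.urlopen(req) as resp:
            raw = resp.read()
            return json.loads(raw) if raw else None
    return send


def seg(value):
    """Encode an ID as one path segment so it cannot alter the route."""
    return quote(str(value), safe="")


def policy_from_template(send, template_name, new_name, description,
                         drop_rule_ids=(), extra_rules=()):
    """Apply a template, update the policy details, then adjust its rules."""
    # Assumed shape: a JSON list of templates with "id" and "name" keys.
    templates = send("GET", "/authorization/policies/templates")
    matches = [t for t in templates if t["name"] == template_name]
    if len(matches) != 1:
        raise LookupError(
            f"expected one template named {template_name!r}, got {len(matches)}")
    policy = send(
        "POST", f"/authorization/policies/templates/{seg(matches[0]['id'])}/apply")
    # The policy is enabled when created, so its template rules are already
    # in force while the customization calls below run.
    send("PUT", f"/authorization/policies/{seg(policy['id'])}",
         {"name": new_name, "description": description})
    # The policy PUT cannot change rules; they go through the rules endpoints.
    for rule_id in drop_rule_ids:
        send("DELETE", f"/authorization/policies/rules/{seg(rule_id)}")
    for rule in extra_rules:  # rule bodies are caller-supplied per the API reference
        send("POST", "/authorization/policies/rules", rule)
    return policy["id"]
```

Pass `http_transport(token)` as `send` for real calls, or any callable with the same signature to dry-run the sequence.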

See the API reference documentation for more information.