Skip to main content

Privacera Platform master publication

Create scheme policies on Privacera Platform
:

On Privacera Platform, you can create scheme policies that provide certain users access to the encryption and masking schemes described in Encryption schemes and Presentation schemes

Add user in default policy

To create a scheme policy, you need to add a privacera_service_discovery user in the default privacera_peg policy using the Privacera Portal.

To add the user, follow these steps:

  1. From the navigation menu, sele Access Management > Scheme Policies.

  2. In the PEG section, click privacera_peg.

  3. In the peg policy row, click the Edit icon.

  4. In the Allow Conditions section, search for and select the privacera_service_discovery user from the Select User dropdown menu.

Create scheme policies

You can create scheme policies using the Privacera Portal.

To create scheme policies, follow these steps:

  1. From the navigation menu, select Access Management > Scheme Policies.

  2. In the PEG section, click privacera_peg.

  3. Click Add New Policy.

  4. If you want this scheme policy to be in effect for a specific time period, click Add Validity Period and enter the details into the Policy Validity Period dialog.

    The Enabled toggle allows you to create a policy.

  5. In the Policy Name text box, enter a name for the scheme policy.

  6. From the Policy Labels dropdown menu, select the labels that you want to to the scheme policy.

  7. From the Encryption Schemes dropdown menu, select the name of the encryption scheme that you want to apply the policy to. Repeat this for all the required encryption schemes.

  8. From the Presentation Schemes dropdown menu, select the name of the presentation scheme that you want to apply the policy to. Repeat this for all required presentation schemes.

  9. In the Description field, enter a description of the scheme policy.

  10. If you do not want audit logs, disable the Audit Logging toggle.

Define allow conditions

In the Allow Conditions section, you can select the names of roles, groups, or users that you want to give access to the schemes.

To define the allow conditions for a scheme policy, follow these steps:

  1. In the Allow Conditions section, search and select the privacera_service_discovery user from the Select User dropdown menu.

  2. Select the names of roles, groups, or users you want to give access to the schemes.

  3. In the Permissions column, click Add Permission and specify the permission you want to give.

  4. In the Delegate Admin column, select the checkbox if you want the service user to be able to make API endpoints on behalf of the application user.

  5. In the Exclude from Allow Conditions section, select the roles, groups, or users that you want to exclude from the allow conditions.

Define deny conditions

In the Deny Conditions section, you can select the roles, groups, or users that you want to deny access to the schemes.

To define the deny conditions for a scheme policy, follow these steps:

  1. In the Deny Condition section, click Add Permission and specify the permission you want to deny.

  2. Click Delegate Admin if you want the service user to be able to make API endpoints on behalf of the application user.

  3. If you want to deny access to specific roles, groups, or users, under Exclude from Deny Conditions, select those roles, groups, or users you want to exclude.

  4. In the Exclude from Deny Conditions section, select the roles, groups, or users that you want to exclude from the deny conditions.

  5. Click Save to save the scheme policy.