Policy Administration

You can use the iCDR administrative console to list policies and assign policies to objects within the iCDR instance. Creating new policies needs to be done through the UI. For more information visit Security Policy Management.

Viewing Policies

You can view all security policies configured on the server using the policy.list command, specifying optional filter parameters.
> policy.list
SID Name Oid
a14d0096-d62a-11eb-8248-00155d640b09 Create-Policy-Test
57a36a62-d5c5-11eb-8248-00155d640b09 Access HIV ART Number
62073cae-8c1e-11eb-be65-00155d640b09 Testy Mctesterson
598c0e00-82fb-11eb-8dcd-0242ac130007 Read PubSub Subscriptions
598c0e00-82fb-11eb-8dcd-0242ac130006 Delete PubSub Subscriptions
The optional filter parameters for policy.list are.
List policies with specified name
policy.list -n test
List policies with specified OID pattern
policy.list -o

Assigning Policies

You can assign security policies to devices, roles, and/or applications by using policy.assign command, followed by specifying parameters.
-r or --role
The role(s) to assign the policy to
-a or --application
The application(s) to assign the policy to
-d or --device
The device(s) to assign the policy to
-e or --rule
The action to take (0/deny, 1/elevate, 2/grant)
-p or --policy
The policy(ies) to apply
The object parameter ( role or application or device ) is required.
The policy parameter is required.
The action parameter (-e or --rule) specifies the action to take and by default is set to 0 (Deny) if not specified.
> policy.assign -a Create-Application-Test -e 2 -p
Grant: Override Disclosure TO Create-Application-Test
> policy.assign -a Create-Application-Test -p
Deny: Override Disclosure TO Create-Application-Test