Security Policy

The Security Policy API provides operations to manage Security Policies for OPA Teams. Security Policies control which User Groups can access resources and any methods they can use to connect. Security Policy operations use several nested objects to correctly define a created policy.

See Security policy.

List all Security Policies

Lists all Security Policies for the current Security Admin

This endpoint requires the following role: security_admin.

Security: bearerAuth

Request
Path parameters
team_name (string, required)
    The name of your Team

Responses
200 OK

GET /v1/teams/{team_name}/security_policy

Response samples
application/json
{
  "list": [
    { }
  ]
}

Create a Security Policy

Creates a Security Policy

This endpoint requires the following role: security_admin.

Security: bearerAuth

Request
Path parameters
team_name (string, required)
    The name of your Team

Request Body schema: application/json

active (boolean, required)
    If true, indicates that the Security Policy is active

description (string, required)
    The description of the Security Policy

name (string, required)
    The name of the Security Policy

principals (object <= 40, required)
    The User Groups associated with the Security Policy. Can include multiple Groups.

    user_groups (Array of objects (NamedObject))
        The User Groups associated with the Security Policy. Each User Group is defined in a separate object.

        Array items:
        id (string)
            The UUID of the object

rules (Array of objects (SecurityPolicyRule) <= 30, required)
    The rules associated with the Security Policy. A Security Policy can set multiple rules that define privileges available for matching resources.

    Array items:
    Array of objects (Conditions)
        The conditions required before a privilege is made available to the Principals. All conditions must be met.

    name (string, required)
        The name of the Security Policy rule

    Array of objects (Privileges), required
        The specific privileges granted to Principals on matching resources.

    object (SecurityPolicyRuleResourceSelectors), required
        The selector that defines resources targeted by this Security Policy.

    resource_type (string (SecurityPolicyRuleResourceType), required)
        The type of resource that Principals are granted privileges to access. Currently only accepts server_based_resource.
        Value: "server_based_resource"

Responses
200 OK

POST /v1/teams/{team_name}/security_policy

Request samples
application/json
{
  "name": "SecurityPolicy1",
  "description": "string",
  "active": true,
  "principals": {
    "user_groups": [ ]
  },
  "rules": [
    { }
  ]
}

Response samples
application/json
{
  "id": "123-456-789",
  "name": "SecurityPolicy1",
  "description": "string",
  "active": true,
  "principals": {
    "user_groups": [ ]
  },
  "rules": [
    { }
  ]
}
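
A pre-flight check for the Create request body, added here as an example (it is not part of the original API reference): it validates a policy against the constraints listed above and then builds, without sending, the authenticated POST request. The base URL, the sample UUID and the rule key names `privileges` and `resource_selector` are assumptions, since the page does not show those keys.

```python
import json
import urllib.parse
import urllib.request

MAX_RULES = 30                                # "(SecurityPolicyRule) <= 30" on this page
RESOURCE_TYPES = ("server_based_resource",)   # the only value the page lists
# ASSUMED key names: the page requires both objects but does not show their keys.
ASSUMED_RULE_KEYS = {"privileges": list, "resource_selector": dict}
SAMPLE_POLICY = {  # constructed sample; the UUID and rule contents are placeholders
    "name": "SecurityPolicy1", "description": "string", "active": True,
    "principals": {"user_groups": [{"id": "00000000-0000-0000-0000-000000000001"}]},
    "rules": [{"name": "rule1", "resource_type": "server_based_resource",
               "privileges": [], "resource_selector": {}}]}

def validate_policy(body):
    """Return a list of schema problems; an empty list means the body passes."""
    errors = []
    for field, kind in (("name", str), ("description", str), ("active", bool)):
        if not isinstance(body.get(field), kind):
            errors.append(f"{field}: required {kind.__name__}")
    principals = body.get("principals")
    groups = principals.get("user_groups", []) if isinstance(principals, dict) else None
    if not isinstance(groups, list):
        errors.append("principals: required object with a user_groups array")
    elif any(not isinstance(g, dict) or not isinstance(g.get("id"), str) for g in groups):
        errors.append("principals.user_groups: each entry needs a string id")
    rules = body.get("rules")
    if not isinstance(rules, list):
        return errors + ["rules: required array"]
    if len(rules) > MAX_RULES:
        errors.append(f"rules: {len(rules)} entries, limit is {MAX_RULES}")
    # A rule that is not an object is checked as {} so every required key is reported.
    for i, rule in enumerate(r if isinstance(r, dict) else {} for r in rules):
        if not isinstance(rule.get("name"), str):
            errors.append(f"rules[{i}].name: required str")
        if rule.get("resource_type") not in RESOURCE_TYPES:
            errors.append(f"rules[{i}].resource_type: unsupported value")
        for key, kind in ASSUMED_RULE_KEYS.items():
            if not isinstance(rule.get(key), kind):
                errors.append(f"rules[{i}].{key}: required {kind.__name__}")
    return errors

def build_create_request(base_url, team_name, token, body):
    if (errors := validate_policy(body)):
        raise ValueError("; ".join(errors))
    team = urllib.parse.quote(team_name, safe="")  # keep the name inside one path segment
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return urllib.request.Request(f"{base_url}/v1/teams/{team}/security_policy",
                                  data=json.dumps(body).encode(), method="POST", headers=headers)
```

The `<= 40` limit shown for the principals object is not enforced here because the page does not state what it counts.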

Retrieve a Security Policy

Retrieves the specified Security Policy

This endpoint requires the following role: security_admin.

Security: bearerAuth

Request
Path parameters
team_name (string, required)
    The name of your Team

security_policy_id (string, required)
    The UUID of a Security Policy

Responses
200 OK

GET /v1/teams/{team_name}/security_policy/{security_policy_id}

Response samples
application/json
{
  "id": "123-456-789",
  "name": "SecurityPolicy1",
  "description": "string",
  "active": true,
  "principals": {
    "user_groups": [ ]
  },
  "rules": [
    { }
  ]
}

Update a Security Policy

Updates the specified Security Policy

This endpoint requires the following role: security_admin.

Security: bearerAuth

Request
Path parameters
team_name (string, required)
    The name of your Team

security_policy_id (string, required)
    The UUID of a Security Policy

Request Body schema: application/json

active (boolean, required)
    If true, indicates that the Security Policy is active

description (string, required)
    The description of the Security Policy

name (string, required)
    The name of the Security Policy

principals (object <= 40, required)
    The User Groups associated with the Security Policy. Can include multiple Groups.

    user_groups (Array of objects (NamedObject))
        The User Groups associated with the Security Policy. Each User Group is defined in a separate object.

        Array items:
        id (string)
            The UUID of the object

rules (Array of objects (SecurityPolicyRule) <= 30, required)
    The rules associated with the Security Policy. A Security Policy can set multiple rules that define privileges available for matching resources.

    Array items:
    Array of objects (Conditions)
        The conditions required before a privilege is made available to the Principals. All conditions must be met.

    name (string, required)
        The name of the Security Policy rule

    Array of objects (Privileges), required
        The specific privileges granted to Principals on matching resources.

    object (SecurityPolicyRuleResourceSelectors), required
        The selector that defines resources targeted by this Security Policy.

    resource_type (string (SecurityPolicyRuleResourceType), required)
        The type of resource that Principals are granted privileges to access. Currently only accepts server_based_resource.
        Value: "server_based_resource"

Responses
204 No Content

PUT /v1/teams/{team_name}/security_policy/{security_policy_id}

Request samples
application/json
{
  "id": "123-456-789",
  "name": "SecurityPolicy1",
  "description": "string",
  "active": true,
  "principals": {
    "user_groups": [ ]
  },
  "rules": [
    { }
  ]
}

Delete a Security Policy

Deletes the specified Security Policy

This endpoint requires the following role: security_admin.

Security: bearerAuth

Request
Path parameters
team_name (string, required)
    The name of your Team

security_policy_id (string, required)
    The UUID of a Security Policy

Responses
204 No Content

DELETE /v1/teams/{team_name}/security_policy/{security_policy_id}