Setting up access control permissions to use Insights

To access the Insights application and its logs, you need to ensure your users have the appropriate roles and policies assigned to them. You can manage roles and policies within the LUSID web application.

First, you need to create a policy to grant access to the Insights application:

  1. Log in to the LUSID web app using the credentials of a LUSID administrator.

  2. From the left-hand menu, select Identity and Access > Policies:

  3. On the Policies dashboard, click the Create policy button.

  4. Specify a unique Policy code, Policy validity dates if necessary, and select whether the policy should Allow or Deny access to the features specified.

  5. Select the features you would like to grant to the policy. Some of the notable features available are as follows:

    • Access to the Insights endpoints - these are the Insights > API > Requestlogs policies:

      • Run GetRequestLog (Endpoint access - get a specific log record)

      • Run ListRequestLogs (Endpoint access - list log records)

      • Run GetRequest (Endpoint access - get a request file)

      • Run GetResponse (Endpoint access - get a request's response file)

    • Allow a user to see all the request logs for any user (NB: by default users can view their own request logs):

      • Insights > Requestlogs > View All Request Logs (Feature - view the log records for all users)

      • Insights > Requestlogsdetail > View All Request Details (Feature - view the log request/response files for all users)

    • For the access logs, the user needs feature policies to access the relevant endpoints. This gives access to all access records for all users - there's no way to only see your own access records.

      • Insights > API > Accesslogs > Run ListAccessEvaluationLogs (Endpoint access - list the log records)

      • Insights > API > Accesslogs > Run GetAccessEvaluationLog (Endpoint access - get a specific log record)

      • Insights > Accesslogs > View All Access Logs (Feature - view access logs for any user)

  6. Specify any Time Restrictions and Advanced Options as usual.

  7. Select Done to review the policy, and Save to create the policy:

Once you have created the policy, you can assign this to any role of your choice.