Views:

Related resources:

Explanation

Tutorials

Reference

Providing you are a LUSID user with sufficient privileges, you can create a feature policy to restrict access to one or more LUSID API endpoints.

Note: If you are the LUSID domain owner, you are automatically assigned the built-in lusid-administrator role, which has all the permissions necessary to perform the operations in this article.

Note a feature policy applies even to a personal user using the LUSID graphical web app, since the web app itself calls the API. Note also that a feature policy requires an equivalent data policy in order to yield any data.

Once created, you should assign the feature policy to a role.

Using the LUSID graphical web app 

  1. Log in to the LUSID web app using the credentials of a LUSID administrator.
  2. From the left-hand menu, select Identity and Access > Policies:
  3. On the Policies dashboard, click the Create policy button.
  4. Choose to create a policy using the Policy wizard.
  5. Choose to create a Features policy for LUSID:
  6. Specify a unique Code for the policy, a Deactivation date if necessary, and either retain the default state of Allow or slide to Deny:
  7. Click the Add feature button to add one or more features (corresponding to API endpoints) to the policy by moving them from the left to the right hand column:

    Selecting which API endpoints is subjective, but to grant read-only access to the instrument master for example, you might choose:

    GetInstrument, GetInstruments, ListInstruments, InstrumentsSearch, GetInstrumentIdentifierTypes, GetInstrumentProperties

    API endpoints are identified in the left hand column of this dialog by their operation ID. To match operation IDs to actual API endpoints in the Swagger specification (which might be useful to read their documentation), follow these instructions.
  8. Click the Create button to create the feature policy:

Using the Access API

You could use the Access API to create a feature policy.

The syntax of the JSON object you need to provide in the body of the request to the Access POST /api/policies API endpoint is complicated, however, and highly specific to the nature of the policy you are trying to create.

Currently, we recommend creating the policy in the LUSID web app. Once created, you can manage the policy entirely programmatically.