How do I create a policy template?

Policy templates allow you to efficiently create and update policies for common LUSID features and data points.

Providing you are a LUSID user with sufficient privileges, you can create a policy template, for example to grant a user access to read portfolios within a particular scope. You can then generate or update a policy on-the-fly using one or more policy templates.

Currently, you can create your own policy templates and use them to generate and update policies. In future, LUSID will provide pre-built templates for common features and data, which you will be able to use to efficiently generate and update your own policies from.

Using the Access REST API

Currently, you can create one policy template per API call.

  1. Obtain an API access token.

  2. Call the CreatePolicyTemplate API for your LUSID domain, passing in your API access token and:

    • A code to uniquely identify the template.

    • A friendly displayName and description.

    • An array of templatedSelectors containing the selectors to be included in policies generated from the template, with each item including:

      • The application the policy relates to.

      • A tag to identify whether this is a Feature and/or Data policy template. This allows you to track the policy types and create different feature and/or data policies from the same template.

      • A selector type, structured in the same way as a selector in a data or feature policy, of either:

        • metadataSelectorDefinition

        • matchAllSelectorDefinition

        • IdSelectorDefinition; for this example, this selector type should contain:

          • An identifier, for example a scope to assign access to.

          • Optionally, a name and description to help identify the selector.

          • actions for the policy, including:

            • A scope value, for example default.

            • An entity value, for example Portfolio.

            • The activity to grant access to, for example Read.

        Note

        The selector parameters required vary depending on the selector type and whether you are creating a template for a feature policy or a data policy. Read the corresponding articles to learn more about the required structure for each selector type.

The following example creates a policy template containing selectors for reading portfolios in the Finbourne-Examples scope:

curl -X POST "https://<your-domain>.lusid.com/access/api/policytemplates"
  -H "Authorization: Bearer <your-API-access-token>"
  -d "{
  "code": "read-portfolio-scope",
  "displayName": "Read portfolios in scope",
  "description": "Policy template that grants read access to portfolio data within the Finbourne-Examples scope",
  "templatedSelectors": [
    {
      "application": "LUSID",
      "tag": "Data",
      "selector": {
        "idSelectorDefinition": {
          "identifier": {
            "scope": "Finbourne-Examples"
          },
          "actions": [
            {
              "scope": "default",
              "activity": "Read",
              "entity": "Portfolio"
            }
          ],
          "name": "access-Finbourne-Examples-scope",
          "description": "Allow readonly access to the Finbourne-Examples portfolio scope"
        }
      }
    }
  ]
}"

You can now use the GeneratePolicyFromTemplate API to combine selectors defined in the policy template above with other policy template selectors and efficiently create or update policies. See how to do this.

Using the LUSID web app

Coming soon