Introducing Policies in Jexia – fine-grained access to your data
Wednesday, June 6, 2018
If you ever tried out Jexia, you might have encountered these three core components along the way: Datasets, API Keys and Policies. In this article I’ll provide explanation about the last-mentioned.
Datasets are your data unit. It is the database representation itself including fields and validations.
API Keys are the credentials used to access your datasets.Policies are the rules that tell which each API Key can have access to.
Image representing how policies work
In short, policies is an access filter you can apply on your API keys. This gives you plenty of flexibility to define data access across different teams and roles.Before diving into a practical example, it is important to understand how API keys and policies behave by default.
API Keys grant no access by default
When you create an API Key, it grants access to exactly zero datasets by default. All data access an API key may have, will be granted by one or more policies. We can think of API Keys like actors solely responsible by authentication, not authorization. Authorization is going to be controlled by policies.
Policies grant access to data
On the other hand, when you create a policy, you must specify one or more API keys this policy is related to as well as which datasets it grants access to, along with the access level you’re granting to the data (Read, Create, Update, Delete).
Let’s imagine you have a Jexia project called `notes_app`. In this project, you have two datasets: users and notes. You are still on private beta, so you’re going to create users manually at this moment.
You want to divide access in two API keys: Client and Admin. Client is going to be used by your Web App where your clients can access and use your product. And Admin is going to be used by an administrative CLI tool where you can take metrics of your user base.Client Access and Admin AccessSo, in order to have this fine-grained access, you can create two policies:
Client Access and Admin Access.
Client Access grants Read access to the dataset users and Read, Create, Update and Delete access to dataset notes. On the other hand, you grant full access to all datasets for Admin Access.With this solution you can divide both responsibilities and access according to the purpose of each API key.
I hope this article helps you better understand and use policies on the Jexia platform. Are you looking for more guidance on where to start? Check out the Get Started Guide and documentation:
And of course, you can always reach us through our support page.
Also published on Medium.
This post was written by Editorial Team