cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Why would I consider using Policy Templating?

GosiaMurawska
Community Team
Community Team

How does policy templating help in managing security boundaries within user groups?

2 REPLIES 2

Jon2
Dynatrace Helper
Dynatrace Helper

Policy templating allows for the creation of reusable policies that implement parameterized values in their WHERE condition. An example policy that uses these bind parameters could be the following 

 

ALLOW storage:logs:read WHERE storage:dt.security_context = "${bindParam:team}"; 

 

The actual values of the bind parameter ‘team’ are set uniquely with each group->policy binding. 

 

In conclusion, if your user groups also represent security boundaries, then one way to pass that information into the bound policies is through policy templating. Doing so also reduces the footprint of your IAM policies. 

Abidyaseen
Advisor

The Dynatrace IAM policy templating guide explains how to create reusable, parameterized policies to simplify permission management. Instead of writing multiple policies for different contexts, you can define a single policy with a parameter reference. Parameters are assigned during policy binding via REST API. If parameters mismatch, a 400 error is returned. Updates are allowed only if the parameter set remains unchanged. Policies can also support lists as binding parameters.  https://docs.dynatrace.com/docs/manage/identity-access-management/permission-management/manage-user-...

 

Featured Posts