Skip to main content
logoTetrate Service BridgeVersion: 1.5.x

Approvals Service

Service to manage centralized approval policies.

Approvals

The Approvals service exposes methods for working with approval policies. $hide_from_yaml

SetPolicy

GetPolicy

DeletePolicy

AddAccessRequest

DeleteAccessRequest

ApproveAccessRequest

AddApprovedAccess

DeleteApprovedAccess

Access

Access is an access request for a subject with a set of permission.

FieldDescriptionValidation Rule

subject

string
REQUIRED
Subject is the subject that is requested to access the resource.

string = {
  min_len: 1
}

permissions

List of string
REQUIRED
Permissions is a list of permissions that the subject is allowed to use.

repeated = {
  min_items: 1
  items: {string:{min_len:1}}
}

AccessRequest

AccessRequest is a request used for requesting or approving access to a resource.

FieldDescriptionValidation Rule

resource

string
REQUIRED
Resource for which the access request is made.

string = {
  min_len: 1
}

access

tetrateio.api.tsb.q.v2.Access
REQUIRED
Access is the subject and permissions for the access request.

ApprovalPolicy

ApprovalPolicy is a set of authorization rules that define access to a resource. When applied to a resource, the rules enforce access to the resource based on the permission set.

FieldDescriptionValidation Rule

mode

tetrateio.api.tsb.q.v2.ApprovalPolicy.Mode
REQUIRED
Mode indicates how access to the resource is configured.

enum = {
  defined_only: true
}

resource

string
REQUIRED
Resource is a fully qualified name of the resource that the policy applies to.

string = {
  min_len: 1
}

requested

List of tetrateio.api.tsb.q.v2.Access
Requested is a list of subjects that are requested to access the target resource but that have not yet been explicitly approved. The access mode of the policy will determine if the subjects in this list are given immediate access to the target resource.

approved

List of tetrateio.api.tsb.q.v2.Access
Approved is a list of subjects that are approved to access the target resource.

Resource

Resource is a resource that can be accessed by a subject.

FieldDescriptionValidation Rule

name

string
REQUIRED
Unique resource name.

string = {
  min_len: 1
}

ResourceAndSubject

ResourceAndSubject is a resource and subject pair used for approval and deletion operations.

FieldDescriptionValidation Rule

resource

string
REQUIRED
Resource for which the access request is made.

string = {
  min_len: 1
}

subject

string
REQUIRED
Subject for which the access request is made.

string = {
  min_len: 1
}

Mode

FieldNumberDescription

UNRESTRICTED

0

Allows all subjects in the same policy class to access the target resource.

ALLOW_REQUESTED

1

Allows only the subjects in the request and approved list to access the resource.

REQUIRE_APPROVAL

2

Allows only the subjects in the approved list to access the resource.