# this is an example of a complete policy
# configuration

# set the default policy
default policy drop (cap)

# here we create some useful tokens in
# place of the capability default set.
set token as keyvalue : key is read value is (cap READ)
set token as keyvalue : key is write value is (cap WRITE)
set token as keyvalue : key is create value is (cap CREATE)
set token as keyvalue : key is destroy value is (cap DESTROY)
set token as keyvalue : key is execute value is (cap EXECUTE)

# set some useful tokens
set token as keyvalue : key is all value is list of : read write create destroy execute

# we can now get rid of the permission default
# set, thus preventing them from being used later.
berid of (cap)

# from now on we can only use read, write, create,
# destroy, execute, and all for setting capabilities.

# allow read only permission for file-access actions
policy read-only
    ## this statement on its own will drop all
    ## permissions then allow read
    allow read
        action is file-access
    test
        as incorrect
            so not read
            if failure then break circuit
        as correct
            with action as file-access
            so read
            if failure then break circuit

# the following policies also set the environment
# that they apply to, in this case it's the office
policy write-for-staff in office
    allow write
        ## where is used as syntax-sugar here
        ## to make the children statements easier
        ## to grok.
        where
            action is file-access
            subject must have attribute "staff"
    test
        as incorrect
            so not write
            if failure then break circuit
        as correct
            with
                action as file-access
                empty subject
                    apply attribute as tag "staff"
            so write
            if failure then break circuit

policy create-for-admin in office
    allow create
        where
            subject must have
                attribute "staff"
                attribute "admin"
            ## when a user creates a resource we add
            ## an attribute to it as a specific keyvalue
            ## type. Read the colon symbol as where
            apply attribute to resource as keyvalue :
                key is "glenda-can-delete"
                ### we set the value from the environment
                ### and enforce the type as ternary value
                ### : true, unknown, or false. If set
                ### and contents considered truthy then
                ### value will be true, else false. If
                ### not set then the value will be unknown
                value is ternary (env GLENDA_ALLOWED)
    test
        as incorrect
            so not create
            if failure then break circuit
        as correct
            with
                empty subject
                    apply attribute as tag "staff"
                    apply attribute as tag "admin"
            so create
            so resource has attribute "glenda-can-delete" with ternary value
            if failure then break circuit

policy destroy-only-for-glenda in remote-office
    allow destroy
        where
            resource must have
                attribute "glenda-can-delete"
                    value must be true
            subject must have
                attribute "staff"
                attribute "username"
                    value is "glenda"
    test
        as incorrect
            so not destroy
            if failure then break circuit
        as correct
            with
                empty resource
                    apply attribute keyvalue key as "glenda-can-delete" value as true
                empty subject
                    apply attribute as tag "staff"
                    apply attribute as "username" with value "glenda"
            if failure then break circuit

policy execute-processes in office
    allow execute
        during time beginning 08:00 and ending 18:00
        where
            action begin-process, end-process
            resource must have attribute "can-execute"
            subject must have
                attribute "staff"
                attribute "operations"
    test
        as incorrect
            so not execute
            if failure then break circuit
        as correct
            with
                action as begin-process or end-process
                empty resource
                    apply attribute as tag "can-execute"
                empty subject
                    apply attribute as tag "staff"
                    apply attribute as tag "operations"
            if failure then break circuit

policy backup in office
    allow read
        during time beginning 01:00 and ending 03:00 on sunday, tuesday
        where
            action begin-backup
            resource must have attribute "dump"
            subject must have
                attribute "operations"
                attribute "backups"
    test
        as incorrect
            so not read
            if failure then break circuit
        as correct
            with
                time as 02:00
                day as sunday
                action as begin-backup
                empty resource
                    apply attribute as tag "dump"
                empty subject
                    apply attribute as tag "operations"
                    apply attribute as tag "backups"
            so read
            if failure then break circuit

policy root in office
    allow all
        where
            subject must have attribute "root"
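The policy file above is written for an engine whose evaluation rules are not on the page, so as an added illustration (not the engine's own code, and not code from the file's author) here is a small Python model of the same policies. Everything about how it evaluates is an assumption: deny by default, each policy grants one capability and applies only in its environment, time window and when the subject and resource carry the required attributes, and the `glenda-can-delete` keyvalue is a three-valued flag derived from `GLENDA_ALLOWED` exactly as the comments describe. The checks mirror the `test` blocks in the file, including the case they leave implicit: an unknown ternary never satisfies `value must be true`.

```python
"""Illustrative evaluator modelling the policy file above (assumed semantics)."""
from dataclasses import dataclass, field
from datetime import time
from typing import Optional

READ, WRITE, CREATE, DESTROY, EXECUTE = "read", "write", "create", "destroy", "execute"
ALL = frozenset({READ, WRITE, CREATE, DESTROY, EXECUTE})   # the 'all' token


def ternary(raw: Optional[str]) -> Optional[bool]:
    """unset -> None (unknown); set and truthy -> True; set but falsy -> False."""
    if raw is None:
        return None
    return raw.strip().lower() not in ("", "0", "false", "no")


@dataclass
class Request:
    cap: str                 # capability being exercised
    action: str              # e.g. file-access, begin-process, begin-backup
    subject: dict            # attribute name -> value (tags map to True)
    resource: dict
    env: str = "office"      # environment the request happens in
    at: time = time(12, 0)
    day: str = "monday"


def _has(attrs: dict, needs: dict) -> bool:
    """All required attributes present; a required value must match exactly,
    so an 'unknown' (None) ternary does not satisfy 'value must be true'."""
    return all(name in attrs and (want is None or attrs[name] == want)
               for name, want in needs.items())


@dataclass
class Policy:
    name: str
    grants: frozenset                     # capabilities granted
    env: Optional[str] = None             # None = any environment
    actions: Optional[frozenset] = None   # None = any action
    window: Optional[tuple] = None        # (start, end, days or None)
    subject_needs: dict = field(default_factory=dict)   # name -> value, None = tag only
    resource_needs: dict = field(default_factory=dict)

    def applies(self, r: Request) -> bool:
        if self.env is not None and r.env != self.env:
            return False
        if self.actions is not None and r.action not in self.actions:
            return False
        if self.window is not None:
            start, end, days = self.window
            if not (start <= r.at <= end) or (days is not None and r.day not in days):
                return False
        return _has(r.subject, self.subject_needs) and _has(r.resource, self.resource_needs)


# The seven policies of the file, transcribed into the model above.
POLICIES = [
    Policy("read-only", frozenset({READ}), actions=frozenset({"file-access"})),
    Policy("write-for-staff", frozenset({WRITE}), env="office",
           actions=frozenset({"file-access"}), subject_needs={"staff": None}),
    Policy("create-for-admin", frozenset({CREATE}), env="office",
           subject_needs={"staff": None, "admin": None}),
    Policy("destroy-only-for-glenda", frozenset({DESTROY}), env="remote-office",
           resource_needs={"glenda-can-delete": True},
           subject_needs={"staff": None, "username": "glenda"}),
    Policy("execute-processes", frozenset({EXECUTE}), env="office",
           actions=frozenset({"begin-process", "end-process"}),
           window=(time(8, 0), time(18, 0), None),
           resource_needs={"can-execute": None},
           subject_needs={"staff": None, "operations": None}),
    Policy("backup", frozenset({READ}), env="office", actions=frozenset({"begin-backup"}),
           window=(time(1, 0), time(3, 0), frozenset({"sunday", "tuesday"})),
           resource_needs={"dump": None},
           subject_needs={"operations": None, "backups": None}),
    Policy("root", ALL, env="office", subject_needs={"root": None}),
]


def decide(r: Request, policies=POLICIES) -> Optional[str]:
    """Default drop: name of the first policy that applies and grants r.cap,
    or None when the request is denied."""
    for p in policies:
        if r.cap in p.grants and p.applies(r):
            return p.name
    return None


def create_resource(env_vars: dict) -> dict:
    """What create-for-admin attaches to a new resource (ternary from GLENDA_ALLOWED)."""
    return {"glenda-can-delete": ternary(env_vars.get("GLENDA_ALLOWED"))}


if __name__ == "__main__":
    staff = {"staff": True}
    print(decide(Request(WRITE, "file-access", {}, {})))        # None: no staff tag
    print(decide(Request(WRITE, "file-access", staff, {})))     # write-for-staff
    res = create_resource({})                                   # glenda-can-delete unknown
    glenda = {"staff": True, "username": "glenda"}
    print(decide(Request(DESTROY, "file-access", glenda, res, env="remote-office")))  # None
```

The point worth noticing when running it is the last line: a resource created while `GLENDA_ALLOWED` was unset carries an unknown flag, and the destroy policy treats unknown as a denial, which is the behaviour the `value must be true` condition in the file calls for.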