Policy Management

Configure and manage policies to secure your Hyper application data.

Policy Management in Hyper allows developers to define fine-grained access controls for their applications. This system ensures that only authorized users can perform certain actions within the application by assigning permissions to roles, which are then associated with users.

Understanding Policies

Policies in Hyper define the allowable actions that can be performed on the system's resources. These actions include creating, reading, updating, and deleting (CRUD operations) data, as well as executing specific API functions or queries.

Defining Policies

To define a new policy, you will need to:

  1. Identify the roles and resources you want to control.
  2. Use the Hyper API to create a policy that represents this action.
  3. Assign a descriptive name to the policy for easy identification.
POST /api/policies
  "name": "policy_name",
  "description": "Detailed description of the policy"

Assigning Roles to Policies

Once policies are defined, they can be associated with roles:

  1. Retrieve the role you want to assign the policy to.
  2. Add the role to the policy.
PUT /api/polcies/{policyId}
  "permissions": ["existing_permission1", "new_permission_name", ...]

Managing Policies

Developers can list, update, or remove policies as the application's access control requirements change:

  • Listing Policies: Retrieve a list of all policies defined in the system.
  • Updating Policies: Modify the details of an existing permission.
  • Deleting Policies: Remove policies that are no longer needed.

Best Practices

  • Principle of Least Privilege: Only grant the permissions necessary for a role to function as intended.
  • Auditing: Regularly review the policies assigned to roles to ensure they align with current security policies.
  • Documentation: Maintain clear documentation of what each permission allows within your application.

By effectively managing policies, you can ensure the security and integrity of your application's data and operations. Hyper's API provides the necessary endpoints to manage permissions programmatically, offering flexibility and control over your application's access control strategy.

For more detailed instructions on permission management, refer to the Hyper API Reference.