otdfctl policy subject-mappings create

create - Create a new subject mapping

Synopsis

otdfctl policy subject-mappings create [flags]

Description

Create a Subject Mapping to entitle an entity (via existing or new Subject Condition Set) to action(s) on an Attribute Value.

Subject Mappings may entitle actions with standard names ('create', 'read', 'update', 'delete'), custom names, or by their stored 'id' within policy.

For more information about actions, see the actions subcommand.

For more information about subject mappings, see the subject-mappings subcommand.

For more information about subject condition sets, see the subject-condition-sets subcommand.

Examples

Create a subject mapping for a 'read' action linking to an existing subject condition set:

otdfctl policy subject-mapping create --attribute-value-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --action read --subject-condition-set-id 8dc98f65-5f0a-4444-bfd1-6a818dc7b447

Or you can create a mapping for the 'create' and 'update' actions linking to a new subject condition set:

otdfctl policy subject-mapping create --attribute-value-id 891cfe85-b381-4f85-9699-5f7dbfe2a9ab --action create --action update --subject-condition-set-new '[
  {
    "condition_groups": [
      {
        "conditions": [
          {
            "operator": 1,
            "subject_external_values": ["myvalue", "myothervalue"],
            "subject_external_selector_value": ".example.field.one"
          },
          {
            "operator": 2,
            "subject_external_values": ["notpresentvalue"],
            "subject_external_selector_value": ".example.field.two"
          }
        ],
        "boolean_operator": 2
      }
    ]
  }
]'
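
As an added example (not part of otdfctl or its documentation), the lint below checks a --subject-condition-set-new payload before it is submitted and flags any condition that satisfies its group by itself through a negative match, which is the case in the example above. The enum names for the numeric 'operator' and 'boolean_operator' values are assumptions taken from the OpenTDF policy protobuf definitions, and lint_subject_sets is a hypothetical helper name.

```python
import json

# Assumed enum meanings (OpenTDF policy protobuf); this page shows only the numbers.
OPERATORS = {1: "IN", 2: "NOT_IN", 3: "IN_CONTAINS"}
BOOLEANS = {1: "AND", 2: "OR"}
# The page's second example, compacted.
PAGE_EXAMPLE = """[{"condition_groups": [{"boolean_operator": 2, "conditions": [
 {"operator": 1, "subject_external_values": ["myvalue", "myothervalue"],
  "subject_external_selector_value": ".example.field.one"},
 {"operator": 2, "subject_external_values": ["notpresentvalue"],
  "subject_external_selector_value": ".example.field.two"}]}]}]"""

def _enum(table, value):
    # Exact int only: JSON true is an int subclass and lists are unhashable.
    return table.get(value) if type(value) is int else None

def lint_subject_sets(raw):
    """Return findings for a --subject-condition-set-new JSON string."""
    try:
        subject_sets = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(subject_sets, list) or not subject_sets:
        return ["top level must be a non-empty JSON array of subject sets"]
    findings = []
    for si, sset in enumerate(subject_sets):
        groups = sset.get("condition_groups") if isinstance(sset, dict) else None
        for gi, group in enumerate(groups if isinstance(groups, list) else []):
            where = f"set {si} group {gi}"
            group = group if isinstance(group, dict) else {}
            conds = group.get("conditions")
            conds = [c for c in conds if isinstance(c, dict)] if isinstance(conds, list) else []
            joiner = _enum(BOOLEANS, group.get("boolean_operator"))
            if joiner is None:
                findings.append(f"{where}: boolean_operator unset or unknown")
            for ci, cond in enumerate(conds):
                op = _enum(OPERATORS, cond.get("operator"))
                if op is None:
                    findings.append(f"{where} condition {ci}: operator unset or unknown")
                for key in ("subject_external_selector_value", "subject_external_values"):
                    if not cond.get(key):
                        findings.append(f"{where} condition {ci}: empty {key}")
                if op == "NOT_IN" and (joiner == "OR" or len(conds) == 1):
                    findings.append(f"{where} condition {ci}: NOT_IN alone satisfies the group")
            if not conds:
                findings.append(f"{where}: missing or empty conditions")
        if not groups or not isinstance(groups, list):
            findings.append(f"set {si}: missing or empty condition_groups")
    return findings
```

Under the assumed semantics, the page's payload entitles every subject whose '.example.field.two' value is not 'notpresentvalue'; switching 'boolean_operator' to 1 (AND) clears the finding.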

Options

-a, --attribute-value-id <attribute-value-id>
The ID of the attribute value to map to a subject condition set (required: true)
--action <action>
Each 'id' or 'name' of an Action to be entitled (e.g. 'create', 'read', 'update', 'delete') (required: false)
--subject-condition-set-id <subject-condition-set-id>
Known preexisting Subject Condition Set Id (required: false)
--subject-condition-set-new <subject-condition-set-new>
JSON array of Subject Sets to create a new Subject Condition Set associated with the created Subject Mapping (required: false)
-l, --label <label>
Optional metadata 'labels' in the format: key=value (required: false)
-s, --action-standard <action-standard>
Deprecated. Migrated to '--action'. (required: false)
-c, --action-custom <action-custom>
Deprecated. Migrated to '--action'. (required: false)

Aliases

new, add, c