Access the Auth Clients tab and create a new client.

```yaml
resourceType: Client
id: postman
secret: secret
grant_types: ['basic']
```
Access the Access Control tab and create a new access policy with the code below. Let's consider how this policy works. In this schema, two constraints are introduced:

1. only the GET method is allowed;
2. only request URIs starting with "/fhir/" are allowed.
JSON-schema version:

```yaml
resourceType: AccessPolicy
id: policy-for-postman
engine: json-schema
schema:
  required:
    - client
    - uri
    - request-method
  properties:
    uri:
      type: string
      pattern: '^/fhir/.*'
    client:
      required:
        - id
      properties:
        id:
          const: postman
    request-method:
      const: get
```
Matcho engine version:

```yaml
resourceType: AccessPolicy
id: policy-for-postman
engine: matcho
matcho:
  client:
    id: postman
  uri: '#^/fhir/.*'
  request-method: get
```
Now, let's execute requests in Postman.
A request succeeds if at least one of the policies is valid for it.
Positive Test

```
GET {{base}}/fhir/Patient
```

Negative Test

```
POST {{base}}/fhir/Patient
```
Policy Debugging
Let's use the parameter __debug=policy in requests to see which JSON-schema validation returned true/false.
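To make the evaluation rule concrete (a request passes if at least one policy matches it, and the debug output reports each policy's true/false result), here is an added example that is not Aidbox's own code. It assumes matcho semantics as shown above: nested maps are matched key by key, a string starting with `#` is a regular expression, and any other scalar must be equal; the request context shape (`client`, `uri`, `request-method`) is constructed to mirror the fields the policy inspects.

```python
import re

# Constructed policy: the matcho version of policy-for-postman from this page.
POLICY_FOR_POSTMAN = {
    "resourceType": "AccessPolicy",
    "id": "policy-for-postman",
    "engine": "matcho",
    "matcho": {
        "client": {"id": "postman"},
        "uri": "#^/fhir/.*",
        "request-method": "get",
    },
}


def matcho(pattern, value):
    """Minimal matcho evaluator (assumed semantics, not Aidbox's implementation):
    dict patterns recurse into the value, '#...' strings are regexes,
    any other scalar must be equal to the value."""
    if isinstance(pattern, dict):
        if not isinstance(value, dict):
            return False
        return all(k in value and matcho(v, value[k]) for k, v in pattern.items())
    if isinstance(pattern, str) and pattern.startswith("#"):
        return isinstance(value, str) and re.search(pattern[1:], value) is not None
    return pattern == value


def build_request(method, uri, client_id):
    """Constructed request context in the shape the policy above inspects.
    request-method is lowercased to match the policy's 'get'."""
    return {"client": {"id": client_id}, "uri": uri, "request-method": method.lower()}


def evaluate_policies(request, policies):
    """Per-policy result, like the __debug=policy output: policy id -> True/False."""
    return {p["id"]: matcho(p["matcho"], request)
            for p in policies if p.get("engine") == "matcho"}


def request_allowed(request, policies):
    """A request succeeds if at least one policy evaluates to true for it."""
    return any(evaluate_policies(request, policies).values())
```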
Previously, we tested access control for clients using Postman as a client. Now, let's create and test access policies for users. We will still need our client credentials.
First, we need to create a couple of users.
Access the Users tab and create two users in Aidbox.Cloud.
Execute the request and copy the received access_token value. Paste it to your test request in the Authorization header with the word Bearer before it.