Introducing Policies in Jexia

Defining fine-grained access to your data — by Matheus Paiva

Image by Coahoma

If you ever tried out Jexia, you might have encountered these three core components along the way: Datasets, API Keys and Policies. In this article I’ll provide explanation about the last-mentioned.

Datasets are your data unit. It is the database representation itself including fields and validations.

API Keys are the credentials used to access your datasets.

Policies are the rules that tell which datasets each API Key can have access to.

explanation policies
Image representing how policies work

In short, policies is an access filter you can apply on your API keys. This gives you plenty of flexibility to define data access across different teams and roles.

Before diving into a practical example, it is important to understand how API keys and policies behave by default.

API Keys grant no access by default

When you create an API Key, it grants access to exactly zero datasets by default. All data access an API key may have, will be granted by one or more policies. We can think of API Keys like actors solely responsible by authentication, not authorization. Authorization is going to be controlled by policies.

Policies grant access to data

On the other hand, when you create a policy, you must specify one or more API keys this policy is related to as well as which datasets it grants access to, along with the access level you’re granting to the data (Read, Create, Update, Delete).

Let’s imagine you have a Jexia project called `notes_app`. In this project, you have two datasets: users and notes. You are still on private beta, so you’re going to create users manually at this moment.

You want to divide access in two API keys: Client and Admin. Client is going to be used by your Web App where your clients can access and use your product. And Admin is going to be used by an administrative CLI tool where you can take metrics of your user base.

Client Access and Admin Access

So, in order to have this fine-grained access, you can create two policies: Client Access and Admin Access. Client Access grants Read access to the dataset users and Read, Create, Update and Delete access to dataset notes. On the other hand, you grant full access to all datasets for Admin Access.

With this solution you can divide both responsibilities and access according to the purpose of each API key.

I hope this article helps you better understand and use policies on the Jexia platform. Are you looking for more guidance on where to start? Check out the Get Started Guide and documentation:

And of course, you can always reach us through our support page.

Originally published at Jexia.

Like what you read? Give Jexia’s Editorial Team a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.