Skip to main content
Version: 2.0.0

ABAC Policy Creation within the Permit UI


Follow-along Example

There are several steps we want to consider when creating an ABAC Policy with the use of the UI.

Running through building this policy will be best with the aid of a simple example that we can follow.

example

Students at Stanford University who study full-time are the only ones that can rent University bicycles after 5pm.

Create User Attributes

In order to create user attributes, we need to navigate to the Users panel. Here we have the option to add a new user attribute.

User Attribute Creation Window

We can defined and add attributes based on our example. In this case, we will have two user attributes, the university a student attends, and if the student is-full-time.

Defined User Attributes Example

Once we are happy, we need to save the newly created user attributes.

Define a User Set

Now that we have created our attributes, we can go ahead and define a user set. Within each user set, we can add conditions that will be applied to each user.

User Set Window

A user set, as explained previously, is a set of condition groups that match specific characteristics. As per our above example, a user set for us is Students at Stanford University who study full-time.

User Set Example

This is a very simple example of a user set. You can create a user set with several condition groups and multiple conditions within each group. If you would like to learn more about creating conditions, please refer to Available Operators.

Create a New Resource

A resource is what we will be assigning our actions too, and giving each user set the permissions to perform certain actions. First, we have to create a new resource.

Resource Window

As per our above example, our resource will be a bicycle, and because we are referring to a bicycle that can be rented out, the attribute will be time.

Resource Adding Attributes Example

We have given the resource two actions. A user is able to ride and rent a bicycle.

Define a Resource Set

Now that we have set up our resource with specific characteristics, we can go onto defining a resource set. Following in the footsteps of our defined example above, the condition that we will be building for our resource is renting University bicycles after 5pm.

Resource Set Window

Our conditions for this set will be setting time using the comparison greater-than to 5pm.

Resource Set Example

Apply Permissions to create an ABAC Policy

Now that we have set up all the attributes for users and resources, along with the user and resource set, we apply permissions directly from the dashboard.

We have a Full-Time Stanford Student role, where a resource is renting bicycles after 5pm. It's as simple as ticking the right option!

Giving Permissions

Remember to always save your changes!

Saving Permissions

Congratulations! You have set up your ABAC policy.

UI supports Complexity

Conditions can be very complex and difficult, but all of that complexity is supported within the UI. Below is an example of what the UI looks like when several condition groups with many conditions are required.

Many Group Example