Create a Knox Policy
To add a new policy to an existing Knox service:
On the Service Manager page, select an existing service under Knox.
The List of Policies page appears.
Click
.
The Create Policy console appears.
Complete the Create Policy page as follows:
Table 5.9. Policy Details
Field | Description
Policy Name | Enter an appropriate policy name. This name cannot be duplicated across the system. This field is mandatory.
Knox Topology | Enter an appropriate Topology Name.
Knox Service | Enter an appropriate Service Name.
Description | (Optional) Describe the purpose of the policy.
Audit Logging | Specify whether this policy is audited. (De-select to disable auditing).

Table 5.10. User and Group Permissions
Label | Description
Select Group | Specify the group to which this policy applies. To designate the group as an Administrator for the chosen resource, specify Admin permissions. (Administrators can create child policies based on existing policies).
Select User | Specify a particular user to which this policy applies (outside of an already-specified group) OR designate a particular user as Admin for this policy. (Administrators can create child policies based on existing policies).
Policy Conditions | Specify IP address range,
Permissions | Add or edit permissions: Read, Write, Create, Admin, Select/Deselect All.
Delegate Admin | When a policy is assigned to a user or a group of users those users become the delegated admin. The delegated admin can update, delete the policies. It can also create child policies based on the original policy (base policy).

Since Knox does not provide a command line methodology for assigning privileges or roles to users, the User and Group Permissions portion of the Knox Create Policy form is especially important.
Wild cards can be included in the resource path, in the database name, the table name, or column name:
* indicates zero or more occurrences of characters
? indicates a single character
Click
.
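The wildcard rules above decide how many topologies and services a single policy reaches, so it is worth checking a pattern against the names that actually exist before saving it. The following is an added example, not part of the original page and not Ranger or Knox code: it models only the two wildcards described above, assumes case-sensitive matching, and uses a constructed inventory and hypothetical policy dictionaries.

```python
import re

def wildcard_to_regex(pattern):
    """Translate the two documented wildcards; every other character is literal."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")      # zero or more characters
        elif ch == "?":
            parts.append(".")       # exactly one character
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)

def matches(pattern, value):
    """True only if the whole value matches the pattern (case-sensitive, assumed)."""
    return wildcard_to_regex(pattern).fullmatch(value) is not None

def covered(policy, inventory):
    """Return the (topology, service) pairs the policy's patterns reach."""
    return [(t, s) for t, s in inventory
            if matches(policy["topology"], t) and matches(policy["service"], s)]

def audit(policy, inventory):
    """Summarise reach and flag a policy that covers every known pair."""
    hits = covered(policy, inventory)
    return {"covered": hits, "covers_everything": len(hits) == len(inventory)}

# Constructed sample inventory of (Knox Topology, Knox Service) names.
INVENTORY = [
    ("default", "WEBHDFS"),
    ("default", "HIVE"),
    ("prod", "WEBHDFS"),
    ("prod1", "WEBHDFS"),
    ("prod10", "WEBHDFS"),
]

# Hypothetical policies: only the resource fields of the form are modelled.
SINGLE_CHAR = {"topology": "prod?", "service": "WEBHDFS"}
PREFIX = {"topology": "prod*", "service": "WEBHDFS"}
BROAD = {"topology": "*", "service": "*"}

if __name__ == "__main__":
    for name, policy in [("prod?", SINGLE_CHAR), ("prod*", PREFIX), ("*", BROAD)]:
        result = audit(policy, INVENTORY)
        print(name, result["covered"], "ALL" if result["covers_everything"] else "")
```

A policy flagged as covering everything grants its permissions, including Admin and Delegate Admin if selected, across all listed topologies and services.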