Overview of configuration for authorization

This topic provides a high-level overview of the available documentation for configuring authorization.

Configuring access to base configuration entities

Access for individual resources is defined using access.yaml files. You can apply filters in the <access strategy>_ext-1.0.access.yaml files to define what resources a caller can access.

For information on customizing the resource access files, see Sections of a resource access file.

It is possible to grant filtered access (sometimes called “restricted” access) to a given resource based on the caller’s credentials.

For information on modifying the fields that are available to callers when they are granted filtered access to a resource, see The accessiblefields.yaml files.

For information on ensuring that the appropriate roles have access to the endpoints for the base configuration entity, see Configuring API roles.

Configuring access to custom entities

You can configure access to custom entities by modifying the access.yaml files, the role.yaml files, and the accessiblefields.yaml files, as necessary.

For information on granting filtered access to custom resources, see Configuring access for custom entities.

For information on ensuring that the appropriate roles have access to the endpoints for the custom entity, see Configuring API roles.

Configuring access to many entities with plugins

For the producerCodes resource access strategy and the contactAuthorizationIds strategy, Guidewire provides plugins that allow you to write your own resource access logic. These plugins provide methods for determining access to particular resources. In some cases, these methods are also used to determine access to child resources.

Providing custom implementations of these plugins allows you to control how access is determined for a variety of entities.

For contact authorization IDs, see The IRestContactAuthorizationPlugin plugin. This plugin implements a method that determines whether access is granted to a resource, and methods that define the queries for retrieving the account contacts a caller is associated with.

For producer codes, see The IRestProducerCodeAuthorizationPlugin plugin. This plugin implements methods that define root access to BillingCenter resources, access to policy periods, access to charges, and access to account contacts.

Configuring access to individual fields

You can configure access to custom fields added to base configuration entities, and you can configure access to fields on custom entities.

For callers using the contact authorization ID strategy and callers using the producer code strategy, you can edit the accessiblefields.yaml files for the given fields.

You can also create your own accessiblefields.yaml files. See The accessiblefields.yaml files.