Search
K
Cipherscale API

CreateAdmissionRule

object

Data required to create a new admission rule

rulestringrequired

Rule logic or condition for the admission rule

Example:user.department == 'Engineering'

namestringrequired

Human-readable name for the admission rule

Example:Engineering Department Access

hasTimeConstraintbooleanrequired

Whether this rule includes time-based constraints

Example
{
  "name": "Engineering Department Access",
  "rule": "user.department == 'Engineering'",
  "hasTimeConstraint": false
}

AdmissionRule

object

Complete admission rule information with configuration and metadata

idstring(uuid)required

Unique identifier for the admission rule

Example:550e8400-e29b-41d4-a716-446655440000

createdAtstring(date-time)required

Timestamp when the rule was created

Example:2023-01-15T10:30:00Z

updatedAtstring(date-time)required

Timestamp when the rule was last modified

Example:2023-01-15T10:30:00Z

namestringrequired

Human-readable name for the admission rule

Example:Engineering Department Access

typestringrequired

Type of admission rule (ALLOW, DENY, or CUSTOM)

Allowed values:ALLOWDENYCUSTOM

Example:ALLOW

hasTimeConstraintbooleanrequired

Whether this rule includes time-based constraints

rulestring

Rule logic or condition for the admission rule

Example:user.department == 'Engineering'

Example
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "Engineering Department Access",
  "type": "ALLOW",
  "rule": "user.department == 'Engineering'",
  "hasTimeConstraint": false,
  "createdAt": "2023-01-15T10:30:00Z",
  "updatedAt": "2023-01-15T10:30:00Z"
}

UpdateAdmissionRule

object

Data for updating an admission rule

rulestringrequired

Rule logic or condition for the admission rule

Example:user.department == 'Engineering'

namestringrequired

Human-readable name for the admission rule

Example:Engineering Department Access

hasTimeConstraintbooleanrequired

Whether this rule includes time-based constraints

Example
{
  "name": "Engineering Department Access",
  "rule": "user.department == 'Engineering'",
  "hasTimeConstraint": false
}

CreatePolicy

object

Data required to create a new access policy

groupsarray[string]

Array of group IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440000

usersarray[string]

Array of user IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440001

devicesarray[string]

Array of device IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440002

resourcesarray[string]

Array of resource IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440003

gatewaysarray[string]

Array of gateway IDs to apply this policy to

Example:550e8400-e29b-41d4-a716-446655440004

rulestring

Admission rule ID for this policy

Example:550e8400-e29b-41d4-a716-446655440005

namestringrequired

Human-readable name for the policy

Example:Engineering Team Access

descriptionstring

Detailed description of the policy’s purpose and scope

Example:Allows engineering team to access development resources

allGroupsbooleanrequired

Whether this policy applies to all groups

Default:false

allUsersbooleanrequired

Whether this policy applies to all users

Default:false

allDevicesbooleanrequired

Whether this policy applies to all devices

Default:false

allResourcesbooleanrequired

Whether this policy applies to all resources

Default:false

sourceIpsarray[string]

Array of source IP addresses or ranges

Example:192.168.1.0/24, 10.0.0.0/8

typestringrequired

Type of resources this policy applies to

Allowed values:PRIVATESAASINTERNETSITETOSITE

Example:PRIVATE

modestring

Access mode for this policy

Allowed values:LOCALRESTRICTEDREMOTE

Example:LOCAL

actionbooleanrequired

Whether this policy allows (true) or denies (false) access

Example:true

Example
{
  "name": "Engineering Team Access",
  "description": "Allows engineering team to access development resources",
  "type": "PRIVATE",
  "mode": "LOCAL",
  "action": true,
  "allGroups": false,
  "allUsers": false,
  "allDevices": false,
  "allResources": false,
  "groups": [
    "550e8400-e29b-41d4-a716-446655440000"
  ],
  "rule": "550e8400-e29b-41d4-a716-446655440005"
}

PolicyGroup

object

Group information within a policy context

idstring(uuid)required

Unique identifier for the group

Example:550e8400-e29b-41d4-a716-446655440000

createdAtstring(date-time)required

Timestamp when the group was created

Example:2023-01-15T14:30:00Z

updatedAtstring(date-time)required

Timestamp when the group was last updated

Example:2023-01-15T14:30:00Z

namestringrequired

Human-readable name for the group

Example:Engineering Team

descriptionstring

Detailed description of the group’s purpose

Example:Team responsible for software development and engineering

maxDevicesnumberrequired

Maximum number of devices allowed for this group

Example:10

isSamlDefaultGroupboolean

Whether this is the default group for SAML users

idpMappingarray[string]

Array of identity provider mapping identifiers

Example:engineering-team, dev-team

Example
{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "createdAt": "2023-01-15T14:30:00Z",
  "updatedAt": "2023-01-15T14:30:00Z",
  "name": "Engineering Team",
  "description": "Team responsible for software development and engineering",
  "maxDevices": 10,
  "isSamlDefaultGroup": false,
  "idpMapping": [
    "engineering-team",
    "dev-team"
  ]
}