Maintaining Access Control Policies and Statements

After you have set up your access control policies and statements, you can maintain them on an ongoing basis by:

  • Editing policies to change their name or description

  • Deleting policies that are no longer in use

  • Changing the users that are linked to a policy, as users enter or leave your organization, or change roles

  • Editing the statements in a policy (or adding new statements), to reflect operational changes

  • Deleting statements from a policy when they are no longer needed

This article provides instructions on how to perform each of these actions to effectively maintain the access controls in your Uptempo instance.

Edit an Access Control Policy

You can edit any existing access control policy to change its name or description text.

To edit the details of an access control policy, follow these steps:

  1. Open the access control policies settings.

  2. On the Policies page, find the policy you want to edit. Click Edit on the policy entry.

    The Edit name & description dialog opens.

  3. In the Edit name & description dialog, use the Name and Description fields to make changes as necessary.

    • The Description field is optional, but you must enter a name into the Name field.

  4. Click Save to save your changes.

    The Edit name & description dialog closes and the Policies page is displayed, where your changes are displayed on the modified policy's entry.

You have successfully edited the details of an access control policy.

Delete an Access Control Policy

If an entire access control policy is no longer needed, you can delete it at any time. You can delete policies even if they still contain statements and are linked to users/teams: when you delete a policy that is still in use, the linked users immediately lose the permissions defined by the policy's statements.

To delete an access control policy, follow these steps:

Warning

Deleting an access control policy will also permanently delete all of its configuration data (e.g. statements, linked users/teams). You cannot undo this action. After a policy has been deleted, it is not possible to recover any of its configuration data later.

  1. Open the access control policies settings.

  2. On the Policies page, find the policy you want to delete. On the policy's entry, click Delete Policy.

  3. In the confirmation dialog, click Yes to confirm and delete the selected policy.

    The confirmation dialog closes, and the Policies page is displayed, where the deleted policy is immediately removed from the list.

You have successfully deleted a policy. Its statements are no longer applied to the previously linked users with immediate effect.

Unlink Users from an Access Control Policy

If a policy's permissions scope should no longer be applied to a user or team, you can unlink them from the policy at any time.

Note

You can also add more users to an existing policy at any time, if needed.

To unlink users or teams from an existing policy, follow these steps:

  1. Open the access control policies settings.

  2. On the Policies page, find the policy from which you want to unlink users or teams. On the policy's entry, click the Expand button to view its details.

  3. In the expanded view of the policy, click Link users/teams.

    The Link Users/Teams dialog opens.

  4. Remove the users you want to unlink from the policy:

    • To unlink all users on a team: Click Remove on the team's entry to deselect it from the Select one or more teams field.

    • To unlink individual users: Click Remove on the user's entry to deselect it from the Select one or more users field.

      Tip

      If you need to unlink only specific users who were added as part of a team, first unlink the team from the policy, then re-link the users who should remain connected to the policy by selecting them in the Select one or more users list.

      Alternatively, you can also remove the users to be unlinked from the team.

  5. Click Link Users to finish unlinking the deselected users/teams from the policy.

    The Link Users/Teams dialog closes and the Policies page is displayed, where the unlinked users or teams are no longer listed in the expanded view of the policy.

You have successfully unlinked users or teams from a policy. Your changes will take effect for the affected users immediately.

Edit Statements in an Access Control Policy

You can make changes to any existing statement within a policy, including statements that are currently in use (e.g. statements in a policy that has linked users/teams). For any existing statement, you can change the effect, resource, or action, as well as add or remove conditions.

Note

You can also add more statements to an existing policy at any time, if needed.

To edit an existing statement, follow these steps:

  1. Open the access control policies settings.

  2. On the Policies page, find the policy that contains the statement you want to edit. On the policy's entry, click the Expand button to view its statements.

  3. In the expanded view of the policy, find the statement you want to edit in the table. On the statement's table row, click Edit Statement.

    The Create Statement dialog opens, with the Statement Editor tab displayed (if the statement contains conditions, the Raw JSON tab is displayed instead).

  4. Make changes to the statement as needed.

  5. Click Save to save your changes.

    The Create Statement dialog closes and the Policies page is displayed, where your changes are displayed in the expanded view of the applicable policy.

You have successfully edited a statement. Your changes will take effect for linked users/teams immediately.

Delete a Statement From an Access Control Policy

If a specific statement within an access control policy is no longer needed, you can delete it at any time. You can delete statements even if their containing policy is still active (i.e. currently linked to active users/teams): when you delete a statement that is still in effect, the linked users immediately lose the permissions defined by the deleted statement.

To delete a statement from an access control policy, follow these steps:

Warning

Deleting a statement is permanent. You cannot undo this action. After a statement has been deleted, it is not possible to recover any of its configuration data later.

  1. Open the access control policies settings.

  2. On the Policies page, find the policy that contains the statement you want to delete . On the policy's entry, click the Expand button to view its statements.

  3. In the expanded view of the policy, find the statement you want to edit in the table. On the statement's table row, click Delete Statement.

    Caution

    Be careful not to click the similar-looking Delete Policy button!

  4. In the confirmation dialog, click Delete to confirm and delete the selected statement.

    The confirmation dialog closes, and the Policies page is displayed, where the deleted statement is no longer listed in the expanded view of the policy.

You have successfully deleted a policy. Its statements are no longer applied to the previously linked users with immediate effect.