Quickstart and Modules tabs

Click on the api-auth policy instance, and select the Quickstart tab. The Citadel identity provider that contains the Rick and Morty users is already connected.

Import an OpenAPI spec

In the next step, you can optionally import your own OpenAPI spec. If you have one ready, try it out... otherwise feel free to skip this step and rely on the existing three services that we’re using as sample data.

The OPA policy

Click on the Modules tab, and observe a single Rego module - the boilerplate policy-rebac.check module.

Compare that with the complexity of having to manage a custom policy for every service! As mentioned, we are transforming a policy problem into a data modeling problem, which we will explore next.

But it’s important to note that any additional attribute-based access control or environment-oriented access restrictions can be easily added to this boilerplate policy. For example, you can easily extend the policy to ensure that users who are “contractors” are only allowed to invoke endpoints on weekdays.

Since every OPA policy is a Topaz policy, you can bring the full power of OPA and Rego to bear on your custom authorization policies.

Next steps

Next, let's explore the authorization model and the instance data that the template created.

Quickstart and Modules tabs

Import an OpenAPI spec​

The OPA policy​

Next steps​

Import an OpenAPI spec

The OPA policy

Next steps