Use the Slack Evaluator

Now that you have created your policy instance, you can test it out with the Evaluator. The Evaluator supports several requests, corresponding to Aserto's authorization APIs - is, decisiontree, and query. The default "Check" request, however, is specifically designed for policy-rebac. Using the Evaluator allows you to quickly verify whether a user has a relationship (or permission) on an object.

The Evaluator has two parts. The REQUEST part on the left is where you specify information about the action being performed, while the OUTPUT on the right displays the body of the request as well as the response.

The table below explains the selection fields.

Field	Description
Subject	The user to evaluate. For Slack there are 5 Citadel users that you can select from.
Object Type	The type of object to evaluate. For Slack this will be `Channel`.
Object	The object instance to evaluate.
Relation	Which relation or permission to evaluate.

Testing the policy

Now let's check a few different scenarios using the Evalator. First, a few important things to note about Rick and Morty:

Rick is a channel_admin of the smiths workspace. This means he has the can_read, can_write, can_comment, and can_delete permission on any channel within that workspace, including the general, citadel, and gossip channels.
Morty is a member of the smiths workspace. Every member of that workspace is a writer on the gossip channel. In addition, Morty is also explicitly a writer on the citadel channel, so he has the can_read, can_write, and can_comment permissions on both channels. However, Morty has no permissions on the general channel.

Scenario 1 - can Rick read the `citadel` channel?

For Subject, select "Rick Sanchez".
For Object Type, select "Channel".
For Object, select "citadel".
For Relation, select "can-read".
Click the Play button.
You should see "is": true under results indicating the action will be permitted.

Scenario 2 - can Rick delete the `general` channel?

For Subject, select "Rick Sanchez".
For Object Type, select "Channel".
For Object, select "general".
For Relation, select "can-delete".
Click the Play button.
You should see "is": true under results indicating the action will be permitted.

Scenario 3 - can Morty write the `citadel` channel?

For Subject, select "Morty Smith".
For Object Type, select "Channel".
For Object, select "citadel".
For Relation, select "can-write".
Click the Play button.
You should see "is": true under results indicating the action will be permitted.

Scenario 4 - can Morty write the `general` channel?

For Subject, select "Morty Smith".
For Object Type, select "Channel".
For Object, select "general".
For Relation, select "can-write".
Click the Play button.
You should see "is": false under results indicating the action will be denied.

Scenario 5 - can Morty write the `gossip` channel?

For Subject, select "Morth Smith".
For Object Type, select "Channel".
For Object, select "general".
For Relation, select "can-write".
Click the Play button.
You should see "is": true under results indicating the action will be permitted.

Next steps

Now that you have seen how the policy works, you'll use the Quickstart in the console to download and run the sample back-end API, which uses the slack policy for access control.

Click on the "Quickstart" tab on the left.

Testing the policy​

Scenario 1 - can Rick read the citadel channel?​

Scenario 2 - can Rick delete the general channel?​

Scenario 3 - can Morty write the citadel channel?​

Scenario 4 - can Morty write the general channel?​

Scenario 5 - can Morty write the gossip channel?​

Next steps​