Skip to main content


A policy variable contains information about security access to data


Policy variables are used to restrict access to certain data within the platform.

Defining a Policy

Below is a table with all the properties of a policy:

_idStringRunAllReportsThe unique id for this policy
categoryStringTeamUsersAn optional category used for filtering policies
descriptionStringMy test policyA descriptive name for the policy
enabledBooleantrueTrue if it is enabled, false to disable it, by default the policy is enabled
sourceStringprivateThe data source, defaults to private if omitted
serviceStringdataThe service that this policy relates to or * for all services
conditionStringsource = 'ICE'The condition used to filter the data that this policy restricts
denyBooleanfalseTrue if this is a deny policy, false if this is an allow policy
actionsListreadThe actions that this policy applies to (create, read, update, delete, run)
membersListuser@company.comThe user emails or Azure Active Directory group id's this policy applies to


A policy has the following methods:

NameDescriptionReturn Type
addMember(name)Adds a member to this policyvoid
removeMember(name)Removes a member from this policyvoid
addAction(action)Adds an action to this policyvoid
addActions(action[])Adds multiple actions to this policyvoid
setFullAccess()Sets this policy to cover all actionsvoid

Example policy definition:

"_id": "DenyAccessToBWSSBData",
"category": "TradingTeam",
"description": "Deny all access to BWSSB data",
"source": "private",
"service": "object",
"condition": "source = 'BWSSB'",
"deny": true,
"actions": [
"members": [
"enabled": true

Updating, Finding and Deleting Policies

Saving a policy

To save a policy in OpenDataDSL code, use the save command as follows:

RunAllReports = Policy()
RunAllReports.description = "Run all reports"
RunAllReports.service = "report"

save RunAllReports

Listing policies

To find policies, you use the ODSL find command, e.g.

policies = find ${policy}

You can use the unique keyword to just get all the ids of your policies, e.g.

policynames = find unique _id from ${policy}

Retrieving a specific policy

To get a specific named policy, you use the policy active variable. You can then examine the information on the policy, e.g.

p = ${policy:"ReadExampleReports"}
print p.description

Disabling a policy

You can disable a policy by setting the enabled flag to false, e.g.

p = ${policy:"ReadExampleReports"}
p.enabled = false
save p

Deleting a policy

To delete a policy, you issue the delete command, e.g.

delete ${policy:"ReadExampleReports"}