Saltar al contenido principal

PDP Policy Autocreation

Version 2


Important: When referencing this page outside of Knowledge Base, use this link:

Important: This topic is for INTERNAL USE ONLY. Do NOT share any of the content in this page with customers!


This utility automates the creation of PDP policies.


You will need the following to use the PDP utility:

  • Access Token with access to the customer instance and data sources.

  • The name or ID of the "config" DataSet. This is the DataSet containing the values to create the policies. This typically consists of a user email address and values, as follows:

    • The user name or group name. Separate multiple names using the pipe (|) character.

    • The comparison value in a policy. Separate multiple values using the pipe (|) character.
       Currently only the "equals" operator is supported.  

  • The file, which is auto-generated upon a successful login. Once you have logged in, you can run the utility headless.

If you want email notifications on successes and errors, place a properties file in the same directory as the .jar file, as follows:

Configuration Data Source

The following is an example of the configuration data source:

  • target_ds – The name or ID of the data source in which you want to create the policies.

  • policy_name – The human readable policy name.

  • delete_options 

    • All – Delete all existing PDP policies before creating any new ones.

    • Matches – Only delete the PDP policies that match by name.

    • None – Do not delete any of the existing PDP policies.

    • Update – Update the PDP policies that match by name, create new PDP policies that are not in the existing list, and delete any orphaned policies.

  • policy_column – The column name that the filter will be created on.

  • user_group – The user name or group name. Separate multiple names using the pipe (|) character.

  • value – The value in the filter. Separate multiple values using the pipe (|) character.

To add multiple filters, set the ‘policy_name’ & ‘user_group’ to the same values (shown in pink in the preceding screenshot).

The utility supports multiple target data sources in the 'target_ds' column (shown in red and green in the preceding screenshot).

To add users/groups to the ‘default’ policy set the ‘policy_column’ & ‘value’ to All Rows (shown in purple in the preceding screenshot).

Running the PDP Utility

The PDP Utility can be run in one of three modes: standalone GUI, Command Line or via a configuration file.

Standalone GUI

This is a wizard-like interface that walks you through the creation of the PDP Policies. Double-click the PDP.jar or execute from the command line with no parameters.

java -Xmx1024m -jar PDP.jar

Command Line

This is a headless utility that can be scripted. Once you have logged in once, you can run the utility headless.

java -Xmx1024m -jar PDP_2.0.jar <domain> <config_ds>

<domain> : The customer instance.

<config_ds> : The name or ID of the "config" DataSet. This is the DataSet that contains the key value pairs to create the polices. This is typically a user email and a value.