Examples

In this section we aim to present some examples of policies defined in natural language and how they can be translated into HAPI.

Read-only access

"Bob can read all resources, Alice can read and update emails, but only read credit card numbers."

main = 
  DENY
  EXCEPT
    ALLOW {
      Actor = Bob
      Resources
      Actions = Reads
    }
    ALLOW {
      Actor = Alice
      Resources = EMAIL, CCN
      Actions = Reads
    }
    ALLOW {
      Actor = Alice
      Resources = EMAIL
      Actions = Updates
    }

Add a default rule

"Everyone can read emails. Bob can read and delete all data but only updates credit card numbers. Alice can perform all actions in emails"

main = 
  DENY
  EXCEPT
    ALLOW {
      Actor = Bob
      Resources
      Actions = Reads, Deletes
    }
    ALLOW {
      Actor = Bob
      Resources = CCN
      Actions = Updates
    }
    ALLOW {
      Actor
      Resources = EMAIL
      Actions = Reads
    }
    ALLOW {
      Actor = Alice
      Resources = EMAIL
      Actions
    }

Apply the same rules to a group of users

"Bob, Alex and Jeff can read all resources, but Alex can't read emails."

alexCantReadEmails =
  DENY {
        Actors = Alex
        Resources = EMAIL
        Actions = Reads
      }

main = 
  DENY
  EXCEPT
    ALLOW {
      Actor = Bob, Alex, Jeff
      Resources
      Actions = Reads
    }
    EXCEPT
      DENY alexCantReadEmails

Apply rule to a service/group identified by its name

"Operating Cost Predictor service can read all the data."

main = 
  DENY
  EXCEPT
    ALLOW {
      Actor = OperatingCostPredictor
      Resources
      Actions = Reads
    }

Here we're applying rules to a group of values in our lattice. In this case, the service OperatingCostPredictor may be composed of members such as Alice, Bob and Jeff. Then the rules applied to OperatingCostPredictor will also be applied to the three of them.

Combining rules to services/groups with intersections

"Operating Cost Predictor service can read all the data but Intern can't read sensitive ones."

internDontAccessSensitiveData =
  DENY {
        Actors = Intern
        Resources = Sensitive
        Actions
      }

main = 
  DENY
  EXCEPT
    ALLOW {
      Actor = OperatingCostPredictor
      Resources
      Actions = Reads
    }
    EXCEPT
      DENY internDontAccessSensitiveData

In this context, let's say that the group Intern is made of Bob and Jeff. And the OperatingCostPredictor service contains Alice and Jeff. Therefore, Alice will be able to read all data, but Jeff, because he is an intern, won't be able to read sensitive data.