Providing you are a LUSID user with sufficient privileges, you can create a policy collection to group logically similar policies together.
Note: If you are the LUSID domain owner, you are automatically assigned the built-in lusid-administrator role, which has all the permissions necessary to perform the operations in this article.
For example, you might create a policy collection to group a matching feature policy and data policy that together permit operations on a particular dataset. Once created, you should assign the policy collection to a role.
Using the LUSID graphical web app
- Sign in to the LUSID web app using the credentials of a LUSID administrator.
- From the left-hand menu, select Identity and access > Policy collections:
- On the Policy collections dashboard, click the Create policy collection button.
- Specify a unique Code for the policy collection, and then assign suitable policies using the Policies > Choose dropdown. Optionally, you can choose to nest policy collections using the Policy collections > Choose dropdown:
Using the Access API
- Obtain an API access token.
- Call the Access POST /api/policycollections API endpoint for your LUSID domain, passing in your API access token and assigning policies (or nested policy collections). For example:
curl -X POST "https://<your-domain>.lusid.com/access/api/policycollections" -H "Authorization: Bearer <your-access-token>" -H "Content-Type: application/json" -d '{"code":"allow-portfolio-access","policies":[{"scope":"default","code":"data-read-portfolios-quotes-us"},{"scope":"default","code":"feature-read-portfolios-quotes-us"}],"policyCollections":[]}}'The response contains the scope and code that together uniquely identify the policy collection:{ "id": { "scope": "default", "code": "allow-portfolio-access" }, "policies": [ { "scope": "default", "code": "data-read-portfolios-quotes-us" }, { "scope": "default", "code": "feature-read-portfolios-quotes-us" } ], "policyCollections": [], ... }