# Manage Strategy

# Strategy data structure

Each strategy is essentially a JSON Document, each strategy contains multiple statements (Statements):

  "statements": [
      "resource": "books:123",
      "action": ["books:edit"],
      "effect": "ALLOW"
      "resource": "books:123",
      "action": ["books:delete"],
      "effect": "DENY"

Each Statement consists of the following parts:

  • Resource: it can be a specific resource (such as books:123), multiple resources (such as books:123,books:124), or a type of resource (such as books:* ).
  • Action: It can be a specific operation (such as books:edit), multiple operations (such as books:read, books:edit), or a type of operation (such as books:* ).
  • Effect (Effect): Allow (ALLOW) or deny (DENY).

You can authorize the policy to a certain user or a certain role. The policy authorized to the role will be inherited by all users under the role, and the user who is granted the policy will automatically obtain the permissions defined in the policy. If a user is granted multiple policies, his authority is the union of these policies.

If the above example policy is granted to user A (either directly or through role inheritance), he will have the books:edit permission of the resource books:123 instead of the books:delete permission.

# Use the Dashboard

You can manage policies on the Authority Management - Strategy Management page:

On the policy details page, you can authorize the policy to roles and users:

# Use SDK management

You can also use the SDK Manage Strategy:

Manage Strategy