Editing policy store schemas in Visual mode
When you select Schema in the Amazon Verified Permissions console, the Visual mode displays the Entity types and Actions that make up your schema. At this top-level view or from within the details of any entity, you can choose Edit schema to begin to make updates to your schema. Visual mode isn’t available with some schema formats like nested records.
The visual schema editor begins with a series of diagrams that illustrate the relationships between the entities in your schema. Choose Expand to maximize your view of the diagrams. There are two diagrams available:
- Actions diagram – The Actions diagram view lists the types of Principals you have configured in your policy store, the Actions they are eligible to perform, and the Resources that they are eligible to perform actions on. The lines between entities indicate your ability to create a policy that allows a principal to take an action on a resource. If your actions diagram doesn't indicate a relationship between two entities, you must create that relationship between them before you can allow or deny it in policies. Select an entity to see a properties overview and drill down to view full details. Choose Filter by this [action | resource type | principal type] to see an entity in a view with only its own connections.
- Entity types diagram – The Entity types diagram focuses on the relationships between principals and resources. When you want to understand the complex nested parent relationships in your schema, review this diagram. Hover over an entity to drill down into the parent relationships that it has.
Under the diagrams are list views of the Entity types and Actions in your schema. The list view is useful when you want to immediately view the details of a specific action or entity type. Select any entity to view details.
To edit a Verified Permissions schema in Visual mode
- Open the Verified Permissions console. Choose your policy store.
- In the navigation pane on the left, choose Schema.
- Choose Visual mode. Review the entity-relationship diagrams and plan the changes that you want to make to your schema. You can optionally Filter by one entity to examine its individual connections to other entities.
- Choose Edit schema.
- In the Details section, type a Namespace for your schema.
- In the Entity types section, choose Add new entity type.
- Type the name of the entity.
- (Optional) Choose Add a parent to add parent entities that the new entity is a member of. To remove a parent that has been added to the entity, choose Remove next to the name of the parent.
- Choose Add an attribute to add attributes to the entity. Type the Attribute name and choose the Attribute type for each attribute of the entity. Verified Permissions uses the specified attribute values when verifying policies against the schema. Select whether each attribute is Required. To remove an attribute that has been added to the entity, choose Remove next to the attribute.
- Choose Add entity type to add the entity to the schema.
- In the Actions section, choose Add new action.
- Type the name of the action.
- (Optional) Choose Add a resource to add resource types that the action applies to. To remove a resource type that has been added to the action, choose Remove next to the name of the resource type.
- (Optional) Choose Add a principal to add a principal type that the action applies to. To remove a principal type that has been added to the action, choose Remove next to the name of the principal type.
- Choose Add an attribute to add attributes that can be added to the context of an action in your authorization requests. Enter the Attribute name and choose the Attribute type for each attribute. Verified Permissions uses the specified attribute values when verifying policies against the schema. Select whether each attribute is Required. To remove an attribute that has been added to the action, choose Remove next to the attribute.
- Choose Add action.
- After all the entity types and actions have been added to the schema, choose Save changes.
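The namespace, entity types, parents, attributes and actions entered in this procedure, and the relationships the Actions diagram draws between them, can also be reviewed outside the console. The following is an added example, not part of the AWS documentation: it walks a constructed schema written in the Cedar JSON schema format, lists each principal-action-resource relationship, and flags actions that no policy could use. The PhotoApp namespace and every type, attribute and action name in it are hypothetical.

```python
import json
# Constructed sample schema (Cedar JSON schema format); all names are hypothetical.
SCHEMA = json.loads("""
{
  "PhotoApp": {
    "entityTypes": {
      "UserGroup": {},
      "User": {
        "memberOfTypes": ["UserGroup"],
        "shape": {"type": "Record", "attributes": {
          "department": {"type": "String", "required": true}}}
      },
      "Album": {}, "Photo": {"memberOfTypes": ["Album"]}
    },
    "actions": {
      "viewPhoto": {"appliesTo": {
        "principalTypes": ["User"], "resourceTypes": ["Photo"],
        "context": {"type": "Record", "attributes": {
          "mfaUsed": {"type": "Boolean", "required": false}}}}},
      "deleteAlbum": {"appliesTo": {
        "principalTypes": ["User"], "resourceTypes": []}},
      "sharePhoto": {"appliesTo": {
        "principalTypes": ["Userr"], "resourceTypes": ["Photo"]}}
    }
  }
}
""")

def review(schema):
    """Return (edges, findings): Actions-diagram edges and schema problems."""
    edges, findings = [], []
    for ns, body in schema.items():
        types = body.get("entityTypes", {})
        for name, et in types.items():  # parents must be declared entity types
            findings += [f"{ns}::{name}: unknown parent {p}"
                         for p in et.get("memberOfTypes", []) if p not in types]
        for action, spec in body.get("actions", {}).items():
            applies = spec.get("appliesTo", {})
            principals = applies.get("principalTypes", [])
            resources = applies.get("resourceTypes", [])
            for t in principals + resources:  # catches typos such as "Userr"
                if t not in types:
                    findings.append(f"{ns}::{action}: unknown type {t}")
            if not principals or not resources:  # no line in the diagram
                findings.append(f"{ns}::{action}: no principal/resource pair")
            edges += [(p, action, r) for p in principals for r in resources
                      if p in types and r in types]
    return edges, findings
```

Running `review(SCHEMA)` before saving a schema change shows which relationships a policy can reference and which actions are left without one.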