Table of Contents
Advertisement
"resource_id"
]
}
]
}
The placeholders take the following values:
•
policy_name: A descriptive name for the policy, such as "only-wfd-aspera". If no value is specified, a UUID is
generated and returned in the output when the policy is created.
•
effect_value: Set to ALLOW or DENY.
•
permission: An action that the user is allowed or denied, depending on effect_value. Values can use * to match any
sequence of characters. For example, to allow all Watch Folder-related actions, enter "WF_*". See the following
section for a complete list of permissions.
•
resource_id: For Watch Folder-related permissions, specify the resources to which the actions apply by their
Aspera Resource Name (ARN), using the following general syntax:
arn:service:resource_type:resource
Where service identifies the product (watchfolder or watch), resource_type is the type of resource (wfd for
a Watch Folder daemon , wf for a Watch Folder), and resource is the resource ID, or a series of IDs to specify the
daemon and Watch Folder ID of a specific Watch Folder. See the following section for examples.
Actions
The following actions are permissions to create, delete, and view policies, and assign users to policies. These actions
do not require that you specify a value for "resources". To allow all permissions, use "PERM_*".
PERM_CREATE_POLICY
PERM_DELETE_POLICY
PERM_LIST_POLICIES
PERM_ATTACH_USER_POLICY
PERM_DETACH_USER_POLICY
PERM_LIST_USER_POLICIES
The following actions create, delete, and view Watch and Watch Folder services. These actions do not require that
you specify a value for "resources". Users without these permissions must create Watch Folders that use existing
Watch and Watch Folder services.
PERM_LIST_RESOURCES
PERM_CREATE_RESOURCE
PERM_DELETE_RESOURCE
The following actions create and delete Watch Folders. These actions require that you specify the wfd
resource, as arn:watchfolder:wfd:daemon. To allow actions on Watch Folders as any daemon, use
arn:watchfolder:wfd:*.
WF_CREATE_WATCHFOLDER
WF_DELETE_WATCHFOLDER
Note: Node API users must have PERM_LIST_RESOURCES allowed in order to allow
WF_CREATE_WATCHFOLDER or WF_DELETE_WATCHFOLDER.
The following actions retrieve Watch Folder configuration and state, update the Watch Folder,
and retry a Watch Folder drop. These actions require that you specify the wf resource, as
arn:watchfolder:wf:daemon:watchfolder_id. To allow actions on any Watch Folders run by any
daemon, use arn:watchfolder:wf:*:*.
WF_GET_WATCHFOLDER
WF_GET_WATCHFOLDER_STATE
| Watch Folders and the Aspera Watch Service | 208
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
