Customizing the authorization rules

You can customize the rules that allow or deny a request to the Stormshield KMaaS, using Open Policy Agent (OPA). The policy evaluates the request inputs. If the request is forbidden, the access is denied and the "403 Forbidden" error is returned.

In the config.json file, the policy_enforcement.enable parameter is mandatory. It allows you to specify whether you want to enable OPA rules or not.

The inputs relating to all API routes are described in section Inputs relating to all API routes.

The tables below describe the inputs specific to the KACLS.