Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
Policy Decision Service contains the properties that affect the overall operation of the Data Governance Server policy service.
↓Relations from This Component
↓Properties
↓dsconfig Usage
The following components have a direct composition relation from Policy Decision Service:
The following components have a direct aggregation relation from Policy Decision Service:
The properties supported by this managed object are as follows:
| General Configuration Basic Properties: | Advanced Properties: |
|---|---|
| ↓ pdp-mode | None |
| ↓ deployment-package | |
| ↓ policy-server | |
| Policy Request Configuration Basic Properties: | Advanced Properties: |
| None | ↓ decision-response-view |
| Property Group | General Configuration |
| Description | Determines whether policy requests are made to the embedded PDP or over REST to an external policy decision server. |
| Default Value | disabled |
| Allowed Values | disabled - The policy service will be disabled. Some Data Governance Server HTTP services will be unavailable until the policy service is enabled. external - PDP invocations are made over REST to an external policy decision server. This mode may be more convenient in development environments where policies are being developed. When this option is selected policy requests will be directed to the external server defined by the policy-server property. embedded - PDP invocations are made via a Java call to the embedded PDP library. This is more efficient and is the recommended mode for production environments. When this option is selected the PDP will run with the policies defined by the deployment-package property. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Property Group | General Configuration |
| Description | Contents of the policy Deployment Package to load into the embedded decision point. The policies defined by this Deployment Package are only used if the value of the pdp-mode property is "embedded". |
| Default Value | None |
| Allowed Values | application/sdp+json |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Property Group | General Configuration |
| Description | Specifies the policy external server that is hosting the Policy Decision Point (PDP) for this instance of Data Governance Server. This external server is only used if the value of the pdp-mode property is "external". |
| Default Value | None |
| Allowed Values | The DN of any Policy External Server. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
decision-response-view (Advanced Property)
| Property Group | Policy Request Configuration |
| Description | Specifies supplementary data categories ("views") to be returned with the policy decision response. Decision response views provide detailed context that can be useful when troubleshooting policy decisions. Note that requesting additional decision response views may cause the Trace Log Publisher or the Policy Decision Log Publisher to record sensitive data. |
| Default Value | No supplementary decision response views are requested. |
| Allowed Values | request - The policy decision request. May include sensitive data. decision-tree - Detailed output tracing the decision's policy evaluation flow. evaluated-entities - Attribute resolution details. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To view the Policy Decision Service configuration:
dsconfig get-policy-decision-service-prop
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the Policy Decision Service configuration:
dsconfig set-policy-decision-service-prop
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...