creating-service-policies

New Service Policy via UI

1. On the left side nav bar, click "Ziti Policies"
2. On the top nav bar, click "Service Policies"
3. In the top right corner of the screen click the "plus" image to add a new Service Policy
4. Choose a name for the Service Policy, such as "My Service Policy"
5. Select "Dial" or "Bind" in the Type dropdown
   1. Dial policies allow identities to use or connect to the service
   2. Bind policies allow identities to host or provide the service
6. Enter the services you want to include in the policy
   1. Specific services can be referenced by ID or name using @. For example, a service called ssh can be referenced using @ssh.
   2. Services can be referenced by role attribute using #. For example, any service which has the sales role attribute will be included if #sales is included in the service roles list.
7. Enter the identities you want to include in the policy
   1. Specific identities can be referenced by ID or name using @. For example, as identity called jsmith-desktop can be referenced using @jsmith-desktop.
   2. Identities can be referenced by role attribute using #. For example, any identity which has the sales role attribute will be included if #sales is included in the identities roles list.
8. Specify the role semantic
   1. If you select Has Any Role then if you specify multiple roles then all entities which include any of the roles will be included.
   2. If you select Must Have All Roles, then if you specify multiple roles then only entities which include all of the given roles will be included
9. Click save

New Service Policy via CLI

To create a Service Policy using the CLI issue the following commands.

1. To use the CLI, you'll need to be logged in. Link to instructions

2. Create a service policy named my-policy which allows all identities to dial/connect to all services.

   ziti edge create service-policy my-policy Dial --identity-roles '#all' --service-roles '#all'