# Policy Manager

### **Using Keycloak to allocate/get 'Partner Admin' and/or 'Policy Manager'**

Using the same partner admin credentials, follow the steps below so that the user can be configured with POLICYMANAGER role too.

Steps to configure the **POLICYMANAGER** role in Keycloak:

1. Go to Keycloak and search for your 'User-Name' in the Users tab.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-447ca055b1093c36ef21e8b3173f4681ac3fd5c0%2Ftemp-pms-admin-image2.png?alt=media" alt=""><figcaption></figcaption></figure>

2. Go to the **Role Mapping** tab.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-aaac5ecb7fef4b64bd69ac6d6f3a9f523649dee9%2Ftemp-pms-admin-image3.png?alt=media" alt=""><figcaption></figcaption></figure>

3. In the **Available Roles** section, select '**Policy Manager**' and click **Add** to move the selected role to the **Assigned Roles** list.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-ec9f0ac861d0cd601fe199cce0df8587049abf5b%2Ftemp-pms-admin-image4.png?alt=media" alt=""><figcaption></figcaption></figure>

4. Log in to the **PMS** portal with the same user credentials. You should now have access to the **Admin Dashboard** with the 'Policies' card accessible for use.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-53daf1f97f0b1b416b2d2fd8b2908f87cc987aa2%2Ftemp-pms-admin-image5.png?alt=media" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Note:**

Both the PARTNER\_ADMIN and POLICYMANAGER roles are necessary for the **Policies** card to appear on the Admin dashboard UI.

Therefore, add the **Policy Manager** role when you want the 'Policies' card to be enabled for you as well, which also makes you a 'Policy Manager'.

If only the PARTNER\_ADMIN role had been configured, only the following cards would have been displayed:
{% endhint %}

This card is accessible to the Partner Admin and Policy Manager roles.

In the UI, both the PARTNER\_ADMIN and POLICYMANAGER roles must be granted for the card to appear on the dashboard.

For a user who is both partner admin and policy manager, creation and management of Policy Group, Authentication Policy, Datashare Policy and MISP Policy are enabled within the Policies card.

{% hint style="info" %}
**Note**:

If only the 'Policy Manager' role is configured in Keycloak, the user will still be able to access the portals as a normal partner. Hence both the 'Partner Admin' and 'Policy Manager' roles are necessary to access all the cards/privileges above.
{% endhint %}

{% hint style="success" %}
**Important**:

After configuring the roles, if you are still logged in to the PMS portal, make sure to log out and log in again for the roles to get updated.
{% endhint %}

## Policies

You can use 'Policies' to create and manage Policy Group, Authentication Policy and Datashare Policy (you should have the privileges of both Partner Admin and Policy Manager).

The 'Policies' section is accessible to you only if the **Partner Admin**, **Policy Manager** and **MISP Policy** roles are all allocated to you; the 'Policies' card will then appear enabled on the dashboard.

### Policies has the following tabs:

* Policy Group (this tab is selected by default)
* Authentication Policy
* Datashare Policy
* MISP Policy

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-339328c3a63f258200446baa12b376631a55de57%2Ftemp-pms-admin-image33.png?alt=media" alt=""><figcaption></figcaption></figure>

**Policy Group**

The Policy Group tab allows you to do the following:

* View Policy Group
  * List view
  * Details View
* Create Policy Group
* Deactivate Policy Group

**Authentication Policy**

* View Authentication Policy
  * List view
  * Details View
* Create Authentication Policy (by mapping to an already created Policy Group)
* Deactivate Authentication Policy
* Clone Authentication Policy - The download functionality of following certificates is possible only during following instances
* Edit Authentication Policy (which is in draft status)
* Publish Authentication Policy (which is in draft status, so that the status changes to 'Activated')

**Datashare Policy**

* View Datashare Policy:
  * List view
  * Details view
* Create Datashare Policy: By mapping to an already created Policy Group
* Deactivate Datashare Policy
* Clone Datashare Policy
* Edit Datashare Policy (which is in draft status)
* Publish Datashare Policy (which is in draft status, so that the status changes to 'Activated')

**MISP Policy features**

a) Create MISP Policy by mapping to an already created Policy Group.

b) Tabular view of previously created MISP Policy along with the status

c) View created MISP Policy details

d) Deactivate MISP Policy

e) Clone MISP Policy into different policy groups by clicking the Clone option in the action menu of a record in the tabular view screen

f) Edit MISP Policy which is in draft status.

g) Publish MISP Policy which is in draft status so that the status changes to ‘Active’.

### Policy Group

#### View Policy Group

**List View - Policy Groups**

All the policy groups created so far by Partner Admin / Policy Manager are displayed on 'List of Policy Groups' page.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-339328c3a63f258200446baa12b376631a55de57%2Ftemp-pms-admin-image33.png?alt=media" alt="" width="427"><figcaption></figcaption></figure>

**Details View - Policy Group**

Admin can either click on 'Go Back' to redirect to 'List of Policy Groups' page as shown below or click on 'Home' to navigate back to Home page/ dashboard.

The options provided in the 'Action' menu are: View, Deactivate.

On clicking View in the action menu, or on clicking the row item itself, the admin is navigated to the View Policy Group page, where the policy group details are displayed along with the status: Activated or Deactivated.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-32116c9fa2dcec5c214873987328355732dff8c3%2Ftemp-pms-admin-image36.png?alt=media" alt=""><figcaption></figcaption></figure>

**Create Policy Group**

On clicking the 'Create Policy Group' option on the top right of the screen, you can create a Policy Group by providing a suitable name and description. These should be self-explanatory for partners, who will select the policy group during a Partner Policy Request to create an API Key, OIDC Client, etc.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-8f7af1521d8e4f34c8fe6070c0226bb77ceb1687%2Ftemp-pms-admin-image34.png?alt=media" alt=""><figcaption></figcaption></figure>

On clicking Submit, a success message appears.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-4760f87f535fdf9499786640dca7ac25c3c87ac1%2Ftemp-pms-admin-image35.png?alt=media" alt=""><figcaption></figcaption></figure>

**Deactivate Policy Group**

To deactivate a Policy Group, the admin clicks the Deactivate option in the action menu.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-93481cd668728bc2d4ace73e68be299126986172%2Ftemp-pms-admin-image37.png?alt=media" alt=""><figcaption></figcaption></figure>

A popup window appears asking for confirmation before proceeding to deactivate.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-bdba2bd9a6b52797c1c33d9bc9efa330a610e0f5%2Ftemp-pms-admin-image38.png?alt=media" alt=""><figcaption></figcaption></figure>

After confirming deactivation, the respective record is greyed out in the tabular view.

The action menu here is enabled with only View option. (Deactivate in action menu is disabled).

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-0edf4e49c06949707ce8e784b022148da424a53a%2Ftemp-pms-admin-image39.png?alt=media" alt=""><figcaption></figcaption></figure>

After deactivation, the View Policy Group page ([MOSIP-36963](https://mosip.atlassian.net/browse/MOSIP-36963)) will display the 'Deactivated' status.

Once the policy group is deactivated by Policy Manager, the partner will not be able to fetch this policy group in any of the screens in their PMS portal.

{% hint style="info" %}
**Note:**

A Policy Group cannot be deactivated if there are active or draft policies associated with the given policy group.
{% endhint %}

If the Policy Group has active or draft policies associated with it, then on clicking Confirm, the following error message is displayed along with the count of such policies:

a) In case of Active and Draft policies associated with the Policy Group:

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-644edfd88a2dac69b51c942dcf13f4d124e83b5b%2Ftemp-pms-admin-image40.png?alt=media" alt=""><figcaption></figcaption></figure>

b) In case of Active policies associated with the Policy Group:

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-576c873933a64f2626854d03e404b7d4903bb676%2Ftemp-pms-admin-image41.png?alt=media" alt=""><figcaption></figcaption></figure>

c) In case of Draft policies associated with the Policy Group:

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-df771c0230098f82b2a64f6c2a879caffef19754%2Ftemp-pms-admin-image42.png?alt=media" alt=""><figcaption></figcaption></figure>

#### Authentication Policy / Datashare Policy / MISP Policy:

* On clicking the Authentication Policy tab, the list of all previously created Authentication Policies is displayed.
* On clicking the Datashare Policy tab, the list of all previously created Datashare Policies is displayed.
* On clicking the MISP Policy tab, the list of all previously created MISP Policies is displayed.
* The steps and features are the same for Authentication, Datashare and MISP Policy.

{% hint style="info" %}
**Note**:

The steps and features are the same for both Authentication and Datashare Policy.
{% endhint %}

Policies can have the following status - Draft, Activated or Deactivated.

1. Only Draft or Activated row items are clickable; clicking one navigates to the View Authentication Policy details.
2. Action: the action menu displays a common set of menu items (View, Clone, Deactivate), with only the following items enabled for clicking, depending on the status:
   1. Draft: Publish, View, Edit
   2. Activated: View, Clone, Deactivate
   3. Deactivated: View

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-6ace53119cb60ae6c9d5231244aab1e622dc1e23%2Ftemp-pms-admin-image43.png?alt=media" alt=""><figcaption></figcaption></figure>

**Create Authentication Policy**

On clicking the 'Create Authentication Policy' button, the Partner Admin / Policy Manager is navigated to the Create Authentication Policy page, where details such as policy group, policy name, description, etc. have to be entered.

{% hint style="info" %}
**Note**:

Only active policy groups are available in the policy group dropdown.
{% endhint %}

Click on the upload button to upload policy data. Only JSON files are allowed for upload.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-ccdb8a2a26abbe0a3403c21549b1513d8230bc4e%2Ftemp-pms-admin-image44.png?alt=media" alt=""><figcaption></figcaption></figure>

Before saving the policy as a draft, the policy data can be edited in the text area once the policy data JSON file has been successfully uploaded.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-3204af536200c83855b1cfedd992d4d321c392d6%2Ftemp-pms-admin-image45.png?alt=media" alt=""><figcaption></figcaption></figure>

On clicking Save as Draft, the following success message appears.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-c64c0ca0f42503640fb90d9149e82afc2273eec8%2Ftemp-pms-admin-image46.png?alt=media" alt=""><figcaption></figcaption></figure>

On clicking 'Go Back', the admin is navigated back to the List view, where the policy is saved with 'Draft' status.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-038ef04b01c4b487d1bb9708982044e1e331bf3f%2Ftemp-pms-admin-image47.png?alt=media" alt=""><figcaption></figcaption></figure>

The Edit option provided for a Draft policy can be used by the admin to make any changes in the policy details (except policy group) before publishing the policy.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-4bcad71aabef62aa33584caf90f6ce481a6ed024%2Ftemp-pms-admin-image48.png?alt=media" alt=""><figcaption></figcaption></figure>

On submitting after making required changes, a success message appears.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-3e0abea596582cc90143b04a32ab070777f0fd84%2Ftemp-pms-admin-image49.png?alt=media" alt=""><figcaption></figcaption></figure>

To publish a policy which is currently in draft status, click on the 'Publish' option in the action menu. A popup window appears asking for confirmation to publish.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-6a9f4e938c140ad2ae0907841a41f7b3e19735bc%2Ftemp-pms-admin-image50.png?alt=media" alt=""><figcaption></figcaption></figure>

On clicking Publish, a success message appears. Click on Close to close the window.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-992600dc4c2714897272b82c35448a20b2877a3a%2Ftemp-pms-admin-image51.png?alt=media" alt=""><figcaption></figcaption></figure>

The given policy changes to 'Activated' status after being published. Once activated, the admin cannot edit the policy, hence the option is disabled.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-968aae4e4908dd80c0c307da8585f25918d4de72%2Ftemp-pms-admin-image52.png?alt=media" alt=""><figcaption></figcaption></figure>

**Clone Policy**

To clone any active policy onto another policy group, click on 'clone' in action menu. A popup window appears to select the policy group where the policy has to be cloned.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-5635503b56d2178d985e8ff70af5555b672e6aec%2Ftemp-pms-admin-image53.png?alt=media" alt=""><figcaption></figcaption></figure>

On selecting the policy group where policy has to be cloned, click on Clone and a success message appears.

Click on Close to navigate back to List of Authentication Policies screen.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-d4ec1f5fcc1ebdc967ff70f4e77614333d06546f%2Ftemp-pms-admin-image54.png?alt=media" alt=""><figcaption></figcaption></figure>

**Deactivate Policy**

To deactivate a policy, click on the Deactivate option in the action menu of any activated policy record. A popup window appears asking for confirmation.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-aa0d382f545700d95b9b39660dff4292cfc53979%2Ftemp-pms-admin-image55.png?alt=media" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Note**:

If the Policy has active partners associated with it, i.e. there are **Approved** partner policy requests, then on clicking Confirm, the following error message is displayed and the admin is prevented from deactivating such policy groups.
{% endhint %}

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-2a26f690971628b8f1f61342fe5bc565c9f77fa6%2Ftemp-pms-admin-image56.png?alt=media" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Note:**

1. A policy can be deactivated if there are no policy requests associated with this policy.
2. A policy can be deactivated if there are Rejected policy requests associated with this policy.
3. A policy cannot be deactivated if there are pending policy requests associated with this policy. In this case, the following error message is displayed: '\<title> Error: Partner - Policy Request Detected! \<Description> Pending policy requests are associated with this policy. Please take appropriate action in List of Partner Policy Linking screen'.
4. Once the policy is deactivated by the partner admin / policy manager, the partner will not be able to fetch this policy in any of the screens in their PMS portal.
   {% endhint %}

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-4574dcd12d9628f05c0abc145710293e9d6aba8d%2Ftemp-pms-admin-image57.png?alt=media" alt=""><figcaption></figcaption></figure>
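The status and deactivation rules described above, modelled as an added Python example (not MOSIP PMS code; the class and function names are hypothetical). It assumes that request statuses other than Approved and Pending for Approval do not block deactivation, and the sample data in any call is constructed.

```python
from dataclasses import dataclass, field

# Action-menu items enabled per policy status, as listed on this page.
ENABLED_ACTIONS = {
    "Draft": {"Publish", "View", "Edit"},
    "Activated": {"View", "Clone", "Deactivate"},
    "Deactivated": {"View"},
}


class Blocked(Exception):
    """Raised when a lifecycle rule from this page forbids the action."""


@dataclass
class Policy:
    name: str
    status: str = "Draft"
    # Statuses of the partner policy requests linked to this policy.
    request_statuses: list = field(default_factory=list)

    def _require(self, action):
        if action not in ENABLED_ACTIONS[self.status]:
            raise Blocked(f"{action} is disabled for a {self.status} policy")

    def publish(self):
        self._require("Publish")
        self.status = "Activated"

    def deactivate(self):
        self._require("Deactivate")
        # Approved or pending requests block deactivation; no requests or
        # only Rejected ones do not (other statuses: assumed non-blocking).
        blocking = [s for s in self.request_statuses
                    if s in ("Approved", "Pending for Approval")]
        if blocking:
            raise Blocked(f"{len(blocking)} approved/pending request(s) linked")
        self.status = "Deactivated"


@dataclass
class PolicyGroup:
    name: str
    status: str = "Activated"
    policies: list = field(default_factory=list)

    def deactivate(self):
        if self.status == "Deactivated":
            raise Blocked("Deactivate is disabled for a Deactivated group")
        # The error reports how many active and draft policies block the action.
        active = sum(p.status == "Activated" for p in self.policies)
        draft = sum(p.status == "Draft" for p in self.policies)
        if active or draft:
            raise Blocked(f"{active} active and {draft} draft policies in group")
        self.status = "Deactivated"


def try_action(fn):
    """Run a lifecycle action; return 'ok' or the reason it was blocked."""
    try:
        fn()
        return "ok"
    except Blocked as exc:
        return str(exc)
```

The same guards belong in the server-side API as well, since a disabled menu item in the UI is not an access control.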

**Viewing Policy**

On clicking the **View** option of any policy, or on clicking the row item itself, the admin is navigated to View Authentication Policy, where the policy details can be viewed. Click on Preview to view the policy data in JSON format.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-91bd5dadf33bd056e64a100fd9ad245b70772e31%2Ftemp-pms-admin-image58.png?alt=media" alt=""><figcaption></figcaption></figure>

On clicking Preview, the policy data can be viewed in JSON format, and an option to download the data to the local system is provided.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-9fd77aa08f324285af7f461cb0c32070b31f1733%2Ftemp-pms-admin-image59.png?alt=media" alt=""><figcaption></figcaption></figure>

#### Partner - Policy Linking:

The features provided to Partner Admin:

1. Approve/Reject a policy requested by a partner: click on the 'Approve/ Reject' option in the action menu of a policy record whose status is pending for approval.
2. Tabular view of policies requested by partners along with the status.
3. View individual policy request details: on clicking the View option in the action menu of any active policy request in the tabular view, or on clicking the row item itself, the admin is navigated to the View Policy Request details page.

All the policy requests created by various partners are displayed in 'List of Partner - Partner Linkages'. The different statuses possible are: Pending for Approval, Approved, Rejected, Deactivated.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-d4a2b95f3dfb5c98c747cde625637e748060a2c8%2Ftemp-pms-admin-image60.png?alt=media" alt=""><figcaption></figcaption></figure>

The options provided for policy linking requests in 'Pending for Approval' status are Approve/Reject. An option to view the policy request details is also provided.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-db665c06c840e162fc38bc89553eda7d2b7ab076%2Ftemp-pms-admin-image61.png?alt=media" alt=""><figcaption></figcaption></figure>

On clicking the Approve/Reject option, a window appears in which the partner admin can click on either Approve or Reject to take the appropriate action.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-24f9c38f54eb8c0bc66ca98c428c4f6a11a8bd31%2Ftemp-pms-admin-image62.png?alt=media" alt=""><figcaption></figcaption></figure>

The status (Approved / Rejected) gets updated in the tabular view.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-c8ab6ab68dc20e3d91adbfde5881549b61978f1c%2Ftemp-pms-admin-image63.png?alt=media" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-535c128b3bedf6952d9d60db96624b1f632e020b%2Ftemp-pms-admin-image64.png?alt=media" alt=""><figcaption></figcaption></figure>

On clicking View for an active record, or on clicking the row item itself, the partner-policy linking view page is displayed along with the comment history, where the partner's comments and the admin's approval status are displayed.

<figure><img src="https://1836199994-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F4EyCrLbFom7vj7UcMIUZ%2Fuploads%2Fgit-blob-535d1c35cc5ffb1d0b488ef316254a51cf646b79%2Ftemp-pms-admin-image65.png?alt=media" alt=""><figcaption></figcaption></figure>
