project policy
The OLP CLI supports the following:
project policy list
Retrieves all the policies that are in a project.
olp project policy list <project HRN> [command options]
Required parameters:
- <project HRN>
  Specifies the HRN of the project.
Optional parameters:
- --type <custom|here-platform>
  Specifies the type of project policy to list for the specified <project HRN>. custom denotes policies created by the project admin and available to apply to identities within the project. here-platform denotes HERE-managed policies available to apply to identities within the project.
- --limit <max number of project policies>
  Specifies the maximum number of project policies returned in the result (100 by default).
- --credentials <path to credentials file>
  Specifies the name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.
- --profile <profile name>
  Specifies the name of the credentials profile to use from the olpcli.ini file.
- --json
  Displays the command result in JSON format.
- --quiet
  Displays the project HRNs, each on a new line.
For more information on using credentials and profiles, see Credentials setup.
Example:
olp project policy list hrn:here:authorization::org:project/myproject --json
Output:
{"policies": [
  {
    "id": "all-access-for-abc-catalog",
    "hrn": "hrn:here:authorization::org:project/my-project:policy/all-access-for-abc-catalog",
    "name": "allAccessForAbcCatalog",
    "description": "Read and write access to abc catalog.",
    "type": "custom",
    "permissions": [
      {
        "resource": "hrn:here:data::org:abc-catalog",
        "resourceType": "catalog",
        "allowedActions": [
          "readResource", "writeResource"
        ]
      }
    ]
  },
  {
    "id": "read-only-access-to-all-catalogs",
    "hrn": "hrn:here:authorization::org:platform:policy/read-only-access-to-all-catalogs",
    "name": "readOnlyAccessToAllCatalogs",
    "description": "Read access to all catalogs in project.",
    "type": "here-platform",
    "permissions": [
      {
        "resourceType": "catalog",
        "allowedActions": [
          "readResource"
        ]
      }
    ]
  }
]
}
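The JSON output above can be reviewed for broad grants before policies are attached to identities. The following is an added example, not part of the OLP CLI or its documentation: it flags permissions that name no resource (and so cover a whole resource type) and permissions that allow more than readResource. The function name, the ELEVATED_ACTIONS set and the sample string are assumptions of this example.

```python
import json

# Assumption of this example: any action other than readResource gets a second look.
ELEVATED_ACTIONS = {"writeResource", "manageResource"}

def audit_policies(list_output):
    """Flag broad or elevated permissions in `policy list --json` output."""
    findings = []
    for policy in json.loads(list_output).get("policies", []):
        for perm in policy.get("permissions", []):
            reasons = []
            resource = perm.get("resource")
            if resource is None:
                # No resource HRN: the grant covers the whole resource type.
                reasons.append(f"covers every {perm.get('resourceType')} in the project")
            elevated = sorted(ELEVATED_ACTIONS & set(perm.get("allowedActions", [])))
            if elevated:
                reasons.append("grants " + ", ".join(elevated))
            if reasons:
                findings.append({"policy": policy.get("hrn"),
                                 "type": policy.get("type"),
                                 "resource": resource or "*",
                                 "reasons": reasons})
    return findings

# Constructed sample, trimmed from the output shown above.
SAMPLE_OUTPUT = """{"policies": [
  {"hrn": "hrn:here:authorization::org:project/my-project:policy/all-access-for-abc-catalog",
   "type": "custom",
   "permissions": [{"resource": "hrn:here:data::org:abc-catalog", "resourceType": "catalog",
                    "allowedActions": ["readResource", "writeResource"]}]},
  {"hrn": "hrn:here:authorization::org:platform:policy/read-only-access-to-all-catalogs",
   "type": "here-platform",
   "permissions": [{"resourceType": "catalog", "allowedActions": ["readResource"]}]}
]}"""

if __name__ == "__main__":
    for f in audit_policies(SAMPLE_OUTPUT):
        print(f["type"], f["policy"], f["resource"], "; ".join(f["reasons"]))
```

Because the list command returns 100 policies by default, pass a larger --limit when auditing a project that may hold more.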
project policy create
Creates a project policy.
olp project policy create <project HRN> --config <path to config file> [command options]
Required parameters:
- <project HRN>
  Specifies the HRN of the project.
- --config <path to config file>
  Specifies the path to the configuration file to create the project policy with.
Configuration file
A JSON file containing the fields required to create or update the project policy.
Fields:
- id (string)
  The identifier for the project policy.
- name (string)
  The name for the project policy.
- description (string)
  The description for the project policy.
- permissions (array[string])
  The list of permissions for the project policy.
  - resource (string)
    The HRN of the resource.
  - resourceType (string)
    The type of the resource. Acceptable values: catalog, pipeline, pipeline-template, schema, artifact, service.
  - allowedActions (array[string])
    The list of actions allowed to be taken against either the resource or the resource type defined in the project policy in the context of the project. Allowed actions can also be retrieved using the olp resource action list command.
Sample Config File:
{
  "id": "all-access-for-xyz-catalog",
  "name": "Access to xyz catalog",
  "description": "Full access to xyz catalog",
  "permissions": [
    {
      "resource": "hrn:here:data::org:<catalog-id>",
      "allowedActions": [
        "readResource",
        "manageResource",
        "writeResource"
      ]
    }
  ]
}
Optional parameters:
- --credentials <path to credentials file>
  Specifies the name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.
- --profile <profile name>
  Specifies the name of the credentials profile to use from the olpcli.ini file.
- --json
  Displays the command result in JSON format.
- --quiet
  Displays empty output with no additional information.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below creates a new project policy:
olp project policy create hrn:here:authorization::org:project/myproject \
--config path/to/config.json
olp project policy create hrn:here:authorization::org:project/myproject ^
--config path/to/config.json
Output:
Policy hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog has been created in project hrn:here:authorization::org:project/myproject
Note
This command does not validate whether the resources you include in the policy already exist in the project. This lets you construct policies in advance of resource creation, which may be useful for some CI/CD flows. However, it also lets you construct policies that include resources that are not accessible in the project, for instance, resources that are in another project and have not been shared and linked to the project for which you are creating policies. When such a policy is applied to a project member, that member still will not have access to those resources.
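Since the CLI does not validate the resources in a policy, a pre-flight check in the pipeline can catch mistakes before the create or update command runs. The following is an added example, not part of the OLP CLI: it checks the config file against the fields and resourceType values listed above and warns about resource HRNs missing from an inventory that the caller supplies. Treating id, name, description and permissions as mandatory, the project_resources argument and the sample HRNs are assumptions of this example.

```python
import json

# Acceptable resourceType values, as listed in the Configuration file section.
RESOURCE_TYPES = {"catalog", "pipeline", "pipeline-template",
                  "schema", "artifact", "service"}

def lint_policy_config(text, project_resources):
    """Return problems found in a policy config; an empty list means none."""
    # project_resources (assumed input): HRNs known to exist in or be linked to the project.
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"error: invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["error: top level must be a JSON object"]
    problems = []
    for field in ("id", "name", "description"):
        if not isinstance(cfg.get(field), str) or not cfg[field]:
            problems.append(f"error: missing or empty field {field!r}")
    perms = cfg.get("permissions")
    if not isinstance(perms, list) or not perms:
        return problems + ["error: permissions must be a non-empty list"]
    for i, perm in enumerate(perms):
        where = f"permissions[{i}]"
        if not isinstance(perm, dict):
            problems.append(f"error: {where} must be an object")
            continue
        rtype, res = perm.get("resourceType"), perm.get("resource")
        if res is None and rtype is None:
            problems.append(f"error: {where} has neither resource nor resourceType")
        if rtype is not None and rtype not in RESOURCE_TYPES:
            problems.append(f"error: {where} has unknown resourceType {rtype!r}")
        if not perm.get("allowedActions"):
            problems.append(f"error: {where} has no allowedActions")
        if res is not None and res not in project_resources:
            # Accepted by the CLI, but grants nothing until the resource is in the project.
            problems.append(f"warning: {where} resource {res} is not in the known project resources")
    return problems

# Constructed sample config and resource inventory (hypothetical HRNs).
SAMPLE_CONFIG = """{
  "id": "all-access-for-xyz-catalog",
  "name": "Access to xyz catalog",
  "description": "Full access to xyz catalog",
  "permissions": [{"resource": "hrn:here:data::org:xyz-catalog",
                   "allowedActions": ["readResource", "writeResource"]}]
}"""
KNOWN_RESOURCES = {"hrn:here:data::org:abc-catalog"}
```

A pipeline that creates policies ahead of their resources can let warnings through and fail only on entries that start with "error:".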
project policy update
Updates a specified project policy.
olp project policy update <project HRN> <policy HRN> --config <path to config file> [command options]
Required parameters:
- <project HRN>
  Specifies the HRN of the project.
- <policy HRN>
  Specifies the HRN of the policy.
- --config <path to config file>
  Specifies the path to the configuration file to update the project policy with.
Configuration file
Sample Config File:
{
  "id": "read-access-for-xyz-catalog",
  "name": "Read access for catalog xyz",
  "description": "This is a custom project policy that grants read access to catalog xyz",
  "permissions": [
    {
      "resource": "hrn:here:data::org:<catalog-id>",
      "resourceType": "catalog",
      "allowedActions": [
        "readResource"
      ]
    }
  ]
}
Note
The config file for the olp project policy update command must have the same structure as for the olp project policy create command.
Optional parameters:
- --credentials <path to credentials file>
  Specifies the name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.
- --profile <profile name>
  Specifies the name of the credentials profile to use from the olpcli.ini file.
- --json
  Displays the command result in JSON format.
- --quiet
  Displays empty output with no additional information.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below updates a specified project policy:
olp project policy update hrn:here:authorization::org:project/myproject \
hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog \
--config path/to/config.json
olp project policy update hrn:here:authorization::org:project/myproject ^
hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog ^
--config path/to/config.json
Output:
Policy hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog has been updated in project hrn:here:authorization::org:project/myproject
Note
This command does not validate whether the resources you include in the policy already exist in the project. This lets you update policies in advance of resource creation, which may be useful for some CI/CD flows. However, it also lets you update policies that include resources that are not accessible in the project, for instance, resources that are in another project and have not been shared and linked to the project for which you are updating policies. When such a policy is applied to a project member, that member still will not have access to those resources.
project policy show
Shows the details of a project policy.
olp project policy show <project HRN> <policy HRN> [command parameters]
Required parameters:
- <project HRN>
  Specifies the HRN of the project.
- <policy HRN>
  Specifies the HRN of the project policy.
Optional parameters:
- --credentials <path to credentials file>
  Specifies the name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.
- --profile <profile name>
  Specifies the name of the credentials profile to use from the olpcli.ini file.
- --json
  Displays the command result in JSON format.
- --quiet
  Displays the project policy HRN.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below shows the details of a project policy:
olp project policy show hrn:here:authorization::org:project/myproject \
hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog \
--json
olp project policy show hrn:here:authorization::org:project/myproject ^
hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog ^
--json
Output:
{
  "id": "all-access-for-xyz-catalog",
  "hrn": "hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog",
  "name": "allAccessForXyzCatalog",
  "description": "Read and write access to the xyz catalog.",
  "type": "custom",
  "permissions": [
    {
      "resource": "hrn:here:data::org:xyz-catalog",
      "resourceType": "catalog",
      "allowedActions": [
        "readResource",
        "writeResource"
      ]
    }
  ]
}
project policy delete
Deletes a project policy.
olp project policy delete <project HRN> <policy HRN> [command parameters]
Required parameters:
- <project HRN>
  Specifies the HRN of the project.
- <policy HRN>
  Specifies the HRN of the project policy to be deleted.
Optional parameters:
- --force
  If set, forces the policy deletion and also deletes the policy attachments to identities.
- --credentials <path to credentials file>
  Specifies the name of a credentials file to use with the command. Credentials files are downloaded separately from the platform portal.
- --profile <profile name>
  Specifies the name of the credentials profile to use from the olpcli.ini file.
- --quiet
  Displays empty output with no additional information.
Warning
Project policy deletion
Deleting a project policy could negatively affect the workflow of all dependent users and apps. If the project policy has attachments, you need to delete them before deleting the project policy.
For more information on using credentials and profiles, see Credentials setup.
Example:
The command below deletes a project policy:
olp project policy delete hrn:here:authorization::org:project/myproject \
hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog \
--force
olp project policy delete hrn:here:authorization::org:project/myproject ^
hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog ^
--force
Output:
Policy hrn:here:authorization::org:project/myproject:policy/all-access-for-xyz-catalog has been deleted from project hrn:here:authorization::org:project/myproject