Analyzing
See the example under https://github.com/salesforce/policy_sentry/blob/master/examples/library-usage/analysis/analyze_by_access_level.py
analysis.analyze
Functions to support the analyze capability in this tool
analyze_by_access_level(policy_json, access_level)
Determine if a policy has any actions with a given access level. This is particularly useful when determining who has 'Permissions management' level access.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
policy_json | | a dictionary representing the AWS JSON policy | required |
access_level | | The normalized access level - either 'read', 'list', 'write', 'tagging', or 'permissions-management' | required |
Returns:
List: A list of actions
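The "who has 'Permissions management' level access" check described above, as an added example that is not code from the policy_sentry project. The import path `policy_sentry.analysis.analyze` is assumed from the module name on this page; the role names and policies are constructed, and `find_policies_with_access_level` with its `analyze` parameter is a hypothetical helper.

```python
import json

# The five normalized access levels listed in the parameter table above.
ACCESS_LEVELS = {"read", "list", "write", "tagging", "permissions-management"}

# Constructed sample policies, keyed by a hypothetical role name.
SAMPLE_POLICIES = {
    "ci-deployer": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutBucketPolicy", "iam:AttachRolePolicy"],
            "Resource": "*",
        }],
    },
    "log-reader": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": "*",
        }],
    },
}


def find_policies_with_access_level(policies, access_level, analyze=None):
    """Return {policy name: sorted actions} for policies that have matching actions."""
    if access_level not in ACCESS_LEVELS:
        raise ValueError(f"unknown access level: {access_level!r}")
    if analyze is None:
        # Imported lazily so the report logic can also be driven by a stand-in analyzer.
        from policy_sentry.analysis.analyze import analyze_by_access_level as analyze
    findings = {}
    for name, policy_json in policies.items():
        actions = analyze(policy_json, access_level)
        if actions:  # policies with no matching actions are left out of the report
            findings[name] = sorted(set(actions))
    return findings


if __name__ == "__main__":
    report = find_policies_with_access_level(SAMPLE_POLICIES, "permissions-management")
    print(json.dumps(report, indent=4))
```

Run as a script, it needs policy_sentry installed; any callable with the same `(policy_json, access_level)` signature can be passed as `analyze` instead.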
analyze_statement_by_access_level(statement_json, access_level)
Determine if a statement has any actions with a given access level.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
statement_json | | a dictionary representing a statement from an AWS JSON policy | required |
access_level | | The access level - either 'Read', 'List', 'Write', 'Tagging', or 'Permissions management' | required |
Returns:
Name | Type | Description |
---|---|---|
List | A list of actions |