Analyzing
See the example under https://github.com/salesforce/policy_sentry/blob/master/examples/library-usage/analysis/analyze_by_access_level.py
analysis.analyze
Functions to support the analyze capability in this tool
analyze_by_access_level(policy_json, access_level)
Determine if a policy has any actions with a given access level. This is particularly useful when determining who has 'Permissions management' level access.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
policy_json | | a dictionary representing the AWS JSON policy | required |
access_level | | The normalized access level - either 'read', 'list', 'write', 'tagging', or 'permissions-management' | required |
Returns:
Type | Description |
---|---|
List | A list of actions |
analyze_statement_by_access_level(statement_json, access_level)
Determine if a statement has any actions with a given access level.
Parameters:
Name | Type | Description | Default |
---|---|---|---|
statement_json | | a dictionary representing a statement from an AWS JSON policy | required |
access_level | | The access level - either 'Read', 'List', 'Write', 'Tagging', or 'Permissions management' | required |
Returns:
Type | Description |
---|---|
List | A list of actions |
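How a policy-level and a statement-level access-level check of this kind can work, as an added example that is not policy_sentry's own code. The names `statement_actions_by_level`, `policy_actions_by_level`, `ACCESS_LEVELS` and `SAMPLE_POLICY` are hypothetical, the small action table is a constructed stand-in for the IAM action data the library ships with, and skipping Deny and NotAction statements is this example's choice.

```python
from fnmatch import fnmatchcase

# Constructed stand-in for the IAM action data that policy_sentry queries:
# a few real AWS actions mapped to the normalized access levels listed above.
ACCESS_LEVELS = {
    "iam:PassRole": "write",
    "iam:PutRolePolicy": "permissions-management",
    "iam:AttachRolePolicy": "permissions-management",
    "s3:PutBucketPolicy": "permissions-management",
    "s3:GetObject": "read",
    "s3:PutObject": "write",
    "s3:ListBucket": "list",
    "s3:PutObjectTagging": "tagging",
}

def statement_actions_by_level(statement, access_level, table=ACCESS_LEVELS):
    """Actions an Allow statement grants at access_level, wildcards expanded."""
    # Assumption of this example: Deny and NotAction statements are not reported.
    if statement.get("Effect") != "Allow" or "NotAction" in statement:
        return []
    actions = statement.get("Action", [])
    if isinstance(actions, str):  # IAM accepts a single string instead of a list
        actions = [actions]
    hits = set()
    for pattern in actions:
        for name, level in table.items():
            # IAM action names are case-insensitive; '*' and '?' are wildcards
            if level == access_level and fnmatchcase(name.lower(), pattern.lower()):
                hits.add(name)
    return sorted(hits)

def policy_actions_by_level(policy, access_level, table=ACCESS_LEVELS):
    """Union of statement_actions_by_level over every statement in the policy."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    hits = set()
    for statement in statements:
        hits.update(statement_actions_by_level(statement, access_level, table))
    return sorted(hits)

SAMPLE_POLICY = {  # constructed policy for illustration
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iam:*RolePolicy", "s3:GetObject"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:putobject", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:PutBucketPolicy", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(policy_actions_by_level(SAMPLE_POLICY, "permissions-management"))
```

The result lists what Allow statements name at the requested level, not effective permissions after Deny evaluation, so treat it as a review starting point.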