Analyzing

See the example under https://github.com/salesforce/policy_sentry/blob/master/examples/library-usage/analysis/analyze_by_access_level.py

analysis.analyze

Functions that support the analyze capability in this tool.

analyze_by_access_level(policy_json, access_level)

Determine whether a policy has any actions with a given access level. This is particularly useful when determining who has 'Permissions management' level access.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| policy_json | | a dictionary representing the AWS JSON policy | required |
| access_level | | The normalized access level - either 'read', 'list', 'write', 'tagging', or 'permissions-management' | required |

Returns:

| Type | Description |
|---|---|
| List | A list of actions |

analyze_statement_by_access_level(statement_json, access_level)

Determine if a statement has any actions with a given access level.

Parameters:

| Name | Type | Description | Default |
|---|---|---|---|
| statement_json | | a dictionary representing a statement from an AWS JSON policy | required |
| access_level | | The access level - either 'Read', 'List', 'Write', 'Tagging', or 'Permissions management' | required |

Returns:

| Type | Description |
|---|---|
| List | A list of actions |
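The following is an added, self-contained sketch of the kind of check both functions above describe; it is not policy_sentry's code and does not call the library. The helper names, the small `ACCESS_LEVELS` table and the sample policy are constructed for illustration, and the sketch assumes only `Allow` statements with an `Action` element are of interest (`Deny` and `NotAction` are ignored).

```python
from fnmatch import fnmatchcase

# Constructed sample table: a tiny stand-in for a full IAM action database.
ACCESS_LEVELS = {
    "s3:GetObject": "read",
    "s3:PutObject": "write",
    "s3:PutBucketPolicy": "permissions-management",
    "iam:GetRole": "read",
    "iam:AttachRolePolicy": "permissions-management",
    "iam:PutRolePolicy": "permissions-management",
}

def _as_list(value):
    """IAM JSON allows a single string or dict where a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def statement_actions_at_level(statement, access_level):
    """Hypothetical helper: actions one Allow statement grants at access_level."""
    if statement.get("Effect") != "Allow":
        return []  # assumption of this sketch: Deny statements are skipped
    found = set()
    for pattern in _as_list(statement.get("Action")):
        for action, level in ACCESS_LEVELS.items():
            # IAM action names are case-insensitive; '*' and '?' are wildcards.
            if level == access_level and fnmatchcase(action.lower(), pattern.lower()):
                found.add(action)
    return sorted(found)

def policy_actions_at_level(policy, access_level):
    """Hypothetical helper: union of matches across every statement."""
    found = set()
    for statement in _as_list(policy.get("Statement")):
        found.update(statement_actions_at_level(statement, access_level))
    return sorted(found)

# Constructed sample policy: wildcards, a lower-cased action and a Deny.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:Get*", "iam:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": "s3:putbucketpolicy", "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:PutRolePolicy", "Resource": "*"},
    ],
}
```

Because the sketch does not subtract `Deny` statements, `iam:PutRolePolicy` is still reported for `SAMPLE_POLICY`: the result lists what the `Allow` statements name, not the effective permissions.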