Skip to main content

diagrid workflow access-policy create

Create a Dapr workflow access policy

Description

Create a new Dapr workflow access policy in a project.

WorkflowAccessPolicies are allow-lists: if no rule matches a call, the call is denied. Use --callers to grant the listed app IDs access to every workflow and activity on the target app(s) (equivalent to a single rule with name="*" and all workflow operations).

For complex policies with specific operation names, glob patterns, or multiple rule groups, run the command without arguments to use the interactive prompt, or provide a YAML manifest with --file.

To replace an existing policy in place, use 'diagrid apply -f' — the canonical upsert path that works for every resource kind.

diagrid workflow access-policy create <name> [flags]

Examples


  # Create using the interactive prompt (Recommended when no flags are supplied)
  diagrid workflow access-policy create
  diagrid workflow access-policy create --prompt

  # Create a policy that allows caller-1 to invoke any workflow/activity on app-a
  diagrid workflow access-policy create my-policy --scopes app-a --callers caller-1

  # Create with multiple allowed callers
  diagrid workflow access-policy create my-policy --callers c1,c2 --scopes app-a

  # Create from a YAML manifest (name is taken from metadata.name)
  diagrid workflow access-policy create -f my-policy.yaml

  # To replace an existing policy in place, use 'diagrid apply':
  diagrid apply --project my-project -f my-policy.yaml

Options

  -p, --project string    Name of existing project
  -s, --scopes strings    Target App IDs this policy protects (leave empty to protect all apps in the project)
      --callers strings   Caller App IDs to allow for all workflows and activities (name="*")
  -f, --file string       Path to a YAML manifest describing the WorkflowAccessPolicy. Mutually exclusive with the inline spec flags and --prompt.
  -w, --wait              Wait for long-running resource creation to finish
      --prompt            Create using the interactive TUI prompt
  -h, --help              help for create

Options inherited from parent commands

      --api-key string   Diagrid Cloud API key

SEE ALSO

Last updated on