Eclipse Ditto™ version:

Important: This documentation reflects the latest 'development'. You might want to choose a released version.
Getting Started
Core Concepts
Architecture
- Overview
- Services
Connectivity
APIs & Interfaces
WoT Integration
Operating & Extending
Ditto Protocol
Release Notes
- 3.9.1
- 3.9.0
- 3.8.12
- 3.8.11
- 3.8.10
- 3.8.9
- 3.8.8
- 3.8.7
- 3.8.6
- 3.8.5
- 3.8.4
- 3.8.3
- 3.8.2
- 3.8.1
- 3.8.0
- Archive
  - 3.7.6
  - 3.7.5
  - 3.7.4
  - 3.7.3
  - 3.7.2
  - 3.7.1
  - 3.7.0
  - 3.6.11
  - 3.6.10
  - 3.6.9
  - 3.6.8
  - 3.6.7
  - 3.6.5
  - 3.6.4
  - 3.6.3
  - 3.6.2
  - 3.6.1
  - 3.6.0
  - 3.5.12
  - 3.5.11
  - 3.5.10
  - 3.5.9
  - 3.5.8
  - 3.5.7
  - 3.5.6
  - 3.5.5
  - 3.5.4
  - 3.5.3
  - 3.5.2
  - 3.5.1
  - 3.5.0
  - 3.4.5
  - 3.4.4
  - 3.4.3
  - 3.4.2
  - 3.4.1
  - 3.4.0
  - 3.3.7
  - 3.3.6
  - 3.3.5
  - 3.3.4
  - 3.3.3
  - 3.3.2
  - 3.3.0
  - 3.2.1
  - 3.2.0
  - 3.1.2
  - 3.1.1
  - 3.1.0
  - 3.0.0
  - 2.4.2
  - 2.4.1
  - 2.4.0
  - 2.3.2
  - 2.3.1
  - 2.3.0
  - 2.2.2
  - 2.2.1
  - 2.2.0
  - 2.1.3
  - 2.1.2
  - 2.1.1
  - 2.1.0
  - 2.0.1
  - 2.0.0
  - 1.5.1
  - 1.5.0
  - 1.4.0
  - 1.3.0
  - 1.2.1
  - 1.2.0
  - 1.1.5
  - 1.1.3
  - 1.1.2
  - 1.1.1
  - 1.1.0
  - 1.0.0
  - 0.9.0
  - 0.8.0
  - 1.0.0-M2
  - 1.0.0-M1a
  - 0.9.0-M2
  - 0.9.0-M1
  - 0.8.0-M3
  - 0.8.0-M2
  - 0.8.0-M1
  - 0.3.0-M2
  - 0.3.0-M1
  - 0.2.0-M1
  - 0.1.0-M3
  - 0.1.0-M1
Resources

Collapse All | Expand All

Policies service

Edit this page

The Policies service persists and enforces Policies, which control access to all resources in Ditto.

TL;DR: The Policies service owns all Policy entities, persists them via event sourcing in MongoDB, and enforces authorization on policy-related commands using the policy itself.

Overview

The Policies service is responsible for the complete lifecycle of Policy entities – creation, modification, retrieval, and deletion. Every authorization decision for policy-level operations flows through this service.

How it works

Model

The service is built around the Policy entity:

Policy model

Signals

Other services communicate with the Policies service through two signal types:

PolicyCommands: Commands that the service processes (create, modify, retrieve, delete)
PolicyEvents: Events emitted when policy entities change

Persistence

The Policies service uses Pekko persistence with event sourcing to persist changes and restore policies.

Enforcement

The service authorizes all policy signals using the policy’s own rules. In other words, you need the right permissions in a policy to modify that policy.

Further reading

Tags: