Infosec levels
Methods for assigning information security classifications to Resources, Systems, and users, and for configuring the platform-wide infosec schema.
All methods are available on the Client instance. Parameters marked (required) must be provided. See Enums for valid enum values.
Infosec levels classify a Resource (or user) at one of an ordered set of levels defined by the active infosec schema (e.g. US_DOD, AUS). When the platform infosec setting is enabled, every Resource carries an active level, and access checks compare the caller's clearance to the Resource's classification before permissions are evaluated.
Resource classification
assign_infosec_level()
Assign a security classification to a Resource, System, or user.
The level must come from the active platform schema; use list_infosec_levels to enumerate the available IDs.
-
Parameters:
- subject_type (InfosecLevelObjectType) – Type of object to classify. One of:
model,artifact,system,user. (required) - subject_id (str) – ID of the object to classify. (required)
- assign_infosec_level (AssignInfosecLevel) – Wrapper containing the target
infosec_level_id. (required) - http_request_timeout_secs (int, optional) – timeout setting for this request
- subject_type (InfosecLevelObjectType) – Type of object to classify. One of:
-
Return Type: InfosecLevel
list_infosec_levels()
List all infosec levels defined by the active platform schema, in the order they appear in the schema.
-
Parameters: http_request_timeout_secs (int, optional) – timeout setting for this request
-
Return Type: List[InfosecLevel]
Platform settings
get_platform_infosec_settings()
Retrieve the active platform infosec settings — whether infosec enforcement is enabled, which schema is active, the maximum allowed level, and the default level applied to new Resources.
-
Parameters: http_request_timeout_secs (int, optional) – timeout setting for this request
-
Return Type: PlatformInfosecSettings
enable_platform_infosec_settings()
Set or update the platform infosec settings. Switching the schema or maximum level affects every Resource because the active classification is interpreted against the schema.
This endpoint is admin-only.
-
Parameters:
- set_platform_infosec_settings (SetPlatformInfosecSettings) – New platform infosec configuration. (required)
- http_request_timeout_secs (int, optional) – timeout setting for this request
-
Return Type: PlatformInfosecSettings
Data types
AssignInfosecLevel
Wrapper passed to assign_infosec_level.
| Attribute | Type | Description |
|---|---|---|
infosec_level_id | str | ID of an existing infosec level from the active schema |
InfosecLevel
Returned by list_infosec_levels and assign_infosec_level.
| Attribute | Type | Description |
|---|---|---|
id | str | Level identifier |
created | datetime | When the level was registered |
schema_id | str | ID of the parent infosec schema |
name | str | Display name (e.g. Unclassified, Secret) |
order | int | Position within the schema; higher values are stricter |
display_color | str | Hex color used by the UI |
PlatformInfosecSettings
Returned by get_platform_infosec_settings and enable_platform_infosec_settings.
| Attribute | Type | Description |
|---|---|---|
id | str | Settings record ID |
created | datetime | When the settings were last applied |
enabled | bool | Whether infosec enforcement is active for the platform |
infosec_schema | InfosecSchema | Active schema definition (levels and metadata) |
max_level | InfosecLevel | Maximum level a Resource may be classified at |
default_resource_level | InfosecLevel | Level applied to a new Resource when none is specified |
SetPlatformInfosecSettings
Body for enable_platform_infosec_settings.
| Attribute | Type | Description |
|---|---|---|
enabled | bool | Toggle enforcement on or off |
infosec_schema_type | InfosecSchemaTypes | Which packaged schema to activate (e.g. US_DOD, AUS) |
max_level | int | Maximum level (order value) a Resource may be classified at |
default_resource_level | int | Default level (order value) applied to new Resources |