Rules
Policy rules power the fine-grained access control capability of PingAuthorize. Rules contain logical conditions that evaluate to true or false. Policies can include one or more rules to produce a fine-grained authorization decision of Permit, Deny, Indeterminate, or Not Applicable.
To evaluate the overall decision of a policy, the policy decision point (PDP) applies a combining algorithm. The default algorithm set on a new policy is "The first applicable will be the final decision". This algorithm stops evaluating as soon as it reaches a decision other than Not Applicable.
For detailed information about rules in PingAuthorize, refer to Rules and combining algorithms in the PingAuthorize Policy Administration Guide.
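The first-applicable behaviour described above, as an added example (not PingAuthorize code): a simplified Python model of the four effect settings types and the default combining algorithm. The `Rule` class, the callable `target` and `condition`, the `keep_evaluating` flag, and the treatment of disabled or non-matching rules as Not Applicable and of failing conditions as Indeterminate are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

PERMIT, DENY = "Permit", "Deny"
INDETERMINATE, NOT_APPLICABLE = "Indeterminate", "Not Applicable"

@dataclass
class Rule:
    name: str
    effect: str                                        # one of the four effect settings types
    condition: Optional[Callable[[dict], bool]] = None
    target: Optional[Callable[[dict], bool]] = None    # assumption: no target = always applies
    disabled: bool = False

def evaluate_rule(rule: Rule, request: dict) -> str:
    # Assumption: disabled rules and rules whose target does not match are Not Applicable.
    if rule.disabled or (rule.target and not rule.target(request)):
        return NOT_APPLICABLE
    if rule.effect == "unconditionalPermit":
        return PERMIT
    if rule.effect == "unconditionalDeny":
        return DENY
    try:
        holds = bool(rule.condition(request))
    except Exception:
        return INDETERMINATE                           # assumption: failing condition
    if rule.effect == "conditionalPermitElseDeny":
        return PERMIT if holds else DENY
    if rule.effect == "conditionalDenyElsePermit":
        return DENY if holds else PERMIT
    raise ValueError(f"unknown effect type: {rule.effect}")

def first_applicable(rules, request, keep_evaluating=False):
    """Return (final decision, names of the rules that were evaluated)."""
    final, evaluated = NOT_APPLICABLE, []
    for rule in rules:
        decision = evaluate_rule(rule, request)
        evaluated.append(rule.name)
        if final == NOT_APPLICABLE and decision != NOT_APPLICABLE:
            final = decision                           # first applicable decision wins
            if not keep_evaluating:
                break
    return final, evaluated

# Constructed sample: a broad permit placed ahead of a narrower deny shadows it.
is_admin_path = lambda r: r["path"].startswith("/admin")
allow_staff = Rule("allow-staff", "conditionalPermitElseDeny", lambda r: r["group"] == "staff")
block_admin = Rule("block-admin", "unconditionalDeny", target=is_admin_path)
request = {"group": "staff", "path": "/admin/keys"}
```

With the constructed request, evaluating `[allow_staff, block_admin]` yields Permit while the reversed order yields Deny, so rule order is part of a policy's security behaviour under this algorithm.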
Authorization rules data model
| Property | Type? | Required? | Mutable? | Description |
|---|---|---|---|---|
| | Object | Optional | Mutable | An object representing the conditions within the Rule. |
| | String | Optional | Mutable | The authorization rule resource’s description. |
| | Boolean | Optional | Mutable | Whether the Rule is disabled or not. |
| | Object | Required | Immutable | Determines whether the rule results in a permit or deny. |
| | UUID | Required | Read only | The resource’s unique identifier. |
| | String | Required | Mutable | The name of the rule. |
| | Object | Optional | Mutable | A collection of Statement IDs. |
| | String | N/A | N/A | A collection of Target IDs. |
| | String | Required | Immutable | The entity type. Value is always |
| | UUID | Required | Read only | The unique version ID of the Rule. |
Authorization rule representation data model
| Property | Type? | Required? | Mutable? | Description |
|---|---|---|---|---|
| | Object | Optional | Mutable | An object representing the conditions within the Rule. |
| | String | Optional | Mutable | The authorization rule resource’s description. |
| | Boolean | Optional | Mutable | Whether the Rule is disabled or not. |
| | Object | Required | Immutable | Determines whether the rule results in a permit or deny. |
| | UUID | Required | Read only | The resource’s unique identifier. |
| | String | Required | Mutable | The name of the rule. |
| | Object | Optional | Mutable | A collection of Statement IDs. For details, refer to Statements. |
| | String | N/A | N/A | A collection of Target IDs. |
| | UUID | Required | Read only | The unique version ID of the Rule. |
Authorization rule reference data model
| Property | Type? | Required? | Mutable? | Description |
|---|---|---|---|---|
| | UUID | Required | Read only | The resource’s unique identifier. |
| | String | Required | Immutable | The entity type. Value is always |
CombiningAlgorithm data model
| Property | Type? | Required? | Mutable? | Description |
|---|---|---|---|---|
| | String | Required | Mutable | An aggregator of decisions that determines the final decision. Refer to Combining algorithm subtypes for all options. |
| | Boolean | Optional | Mutable | Indicates whether to continue evaluating policies and rules, even if the final decision is known. Default value is |
ConditionalPermitElseDeny
| Property | Type? | Required? | Mutable? | Description |
|---|---|---|---|---|
| | String | Required | Read only | The condition that determines whether the result is permit or deny. |
ConditionalDenyElsePermit
| Property | Type? | Required? | Mutable? | Description |
|---|---|---|---|---|
| | String | Required | Read only | The condition that determines whether the result is permit or deny. |
EffectSettings
| Property | Subtypes |
|---|---|
| | The type of effect settings, either: "unconditionalPermit", "unconditionalDeny", "conditionalPermitElseDeny", "conditionalDenyElsePermit" |
CombiningAlgorithm subtypes
| Subtypes |
|---|
|
|
|
|
|
|
|
Response codes
| Code | Message |
|---|---|
| 200 | Successful operation. |
| 201 | Successfully created. |
| 204 | Successfully removed. No content. |
| 400 | The request could not be completed. |
| 401 | You do not have access to this resource. |
| 403 | You do not have permissions or are not licensed to make this request. |
| 404 | The requested resource was not found. |