Read Authorization Policies
Example Request
-
cURL
-
C#
-
Go
-
HTTP
-
Java
-
jQuery
-
NodeJS
-
Python
-
PHP
-
Ruby
-
Swift
curl --location --globoff '{{apiPath}}/environments/{{envID}}/authorizationPolicies' \
--header 'Authorization: Bearer {{accessToken}}'var options = new RestClientOptions("{{apiPath}}/environments/{{envID}}/authorizationPolicies")
{
MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
request.AddHeader("Authorization", "Bearer {{accessToken}}");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "{{apiPath}}/environments/{{envID}}/authorizationPolicies"
method := "GET"
client := &http.Client {
}
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Authorization", "Bearer {{accessToken}}")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}GET /environments/{{envID}}/authorizationPolicies HTTP/1.1
Host: {{apiPath}}
Authorization: Bearer {{accessToken}}OkHttpClient client = new OkHttpClient().newBuilder()
.build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
.url("{{apiPath}}/environments/{{envID}}/authorizationPolicies")
.method("GET", body)
.addHeader("Authorization", "Bearer {{accessToken}}")
.build();
Response response = client.newCall(request).execute();var settings = {
"url": "{{apiPath}}/environments/{{envID}}/authorizationPolicies",
"method": "GET",
"timeout": 0,
"headers": {
"Authorization": "Bearer {{accessToken}}"
},
};
$.ajax(settings).done(function (response) {
console.log(response);
});var request = require('request');
var options = {
'method': 'GET',
'url': '{{apiPath}}/environments/{{envID}}/authorizationPolicies',
'headers': {
'Authorization': 'Bearer {{accessToken}}'
}
};
request(options, function (error, response) {
if (error) throw new Error(error);
console.log(response.body);
});import requests
url = "{{apiPath}}/environments/{{envID}}/authorizationPolicies"
payload = {}
headers = {
'Authorization': 'Bearer {{accessToken}}'
}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{apiPath}}/environments/{{envID}}/authorizationPolicies');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
'follow_redirects' => TRUE
));
$request->setHeader(array(
'Authorization' => 'Bearer {{accessToken}}'
));
try {
$response = $request->send();
if ($response->getStatus() == 200) {
echo $response->getBody();
}
else {
echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
$response->getReasonPhrase();
}
}
catch(HTTP_Request2_Exception $e) {
echo 'Error: ' . $e->getMessage();
}require "uri"
require "net/http"
url = URI("{{apiPath}}/environments/{{envID}}/authorizationPolicies")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)
request["Authorization"] = "Bearer {{accessToken}}"
response = http.request(request)
puts response.read_bodyvar request = URLRequest(url: URL(string: "{{apiPath}}/environments/{{envID}}/authorizationPolicies")!,timeoutInterval: Double.infinity)
request.addValue("Bearer {{accessToken}}", forHTTPHeaderField: "Authorization")
request.httpMethod = "GET"
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
}
task.resume()Example Response
200 OK
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/authorizationPolicies?limit=25"
}
},
"_embedded": {
"authorizationPolicies": [
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/authorizationPolicies/fdf59351-ca6d-4e54-be42-cb807977ca29"
}
},
"id": "fdf59351-ca6d-4e54-be42-cb807977ca29",
"name": "API Access Management",
"description": "API Access Management authorization policies.\n\nThis policy set is a container for all API Service policies and is not used during runtime policy evaluation.\n",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_UNLESS_PERMIT"
},
"children": [
{
"type": "POLICY",
"name": "API Service \"Meme Game\"",
"description": "Authorization policies for the API Service \"Meme Game\".",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "ffd869d2-d4fe-4d47-a946-0f951ea1b376"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "ae1d0e9e-418c-4149-b0e9-d44548cfa59c"
}
}
]
},
"combiningAlgorithm": {
"algorithm": "DENY_UNLESS_PERMIT"
},
"children": [
{
"type": "POLICY",
"name": "API Service and Operations",
"description": "Policy set containing all API Service and Operation access control policies.\n\nThis policy set ensures that any PERMIT decisions produced by a descendant policy do not override any DENY or INDETERMINATE decisions produced by another descendant policy when evaluated by the parent policy set's \"Unless one decision is permit, the decision will be deny\" combining algorithm.\n",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Inbound Request",
"description": "Authorization policies that apply to inbound requests for the API Service.",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "9e0ac671-c575-4735-bd6f-d80117cf0b87"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "INBOUND_REQUEST"
}
}
]
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Basic Rules",
"description": "Authorization rules based on the API Service's basic rules configuration.\n\nThis policy only applies to inbound requests for the API Service.",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "RULE",
"name": "Permit by Default",
"description": "Rule that always returns a permit decision.\nFor use with policies that may include multiple rules and use the 'A single deny will override any permit decisions' combining algorithm.",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"effectSettings": {
"type": "UNCONDITIONAL_PERMIT"
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "ae1d0e9e-418c-4149-b0e9-d44548cfa59c",
"type": "apiServer",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/overview"
}
}
},
{
"type": "POLICY",
"name": "Custom",
"description": "To define custom authorization policies that apply to inbound requests for the API service, add policies or policy sets as children of this policy set.",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": " Users starting a new game",
"description": "",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"combiningAlgorithm": {
"algorithm": "DENY_UNLESS_PERMIT"
},
"children": [
{
"type": "RULE",
"name": "Permit users from trusted domains",
"description": "",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "328b9905-e1c4-4166-bced-82330caf4183"
},
"comparator": "NOT_ENDS_WITH",
"right": {
"type": "CONSTANT",
"value": "@example.com"
}
}
]
},
"effectSettings": {
"type": "UNCONDITIONAL_PERMIT"
}
},
{
"type": "RULE",
"name": "Permit users from generic domains to play alone",
"description": "",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "328b9905-e1c4-4166-bced-82330caf4183"
},
"comparator": "ENDS_WITH",
"right": {
"type": "CONSTANT",
"value": "@example.com"
}
},
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "6c82579e-f65a-4369-b936-599ce3c518d1"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "[]"
}
}
]
},
"effectSettings": {
"type": "UNCONDITIONAL_PERMIT"
}
}
]
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": false
},
"reference": {
"id": "ae1d0e9e-418c-4149-b0e9-d44548cfa59c",
"type": "apiServer",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/overview"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "ae1d0e9e-418c-4149-b0e9-d44548cfa59c",
"type": "apiServer",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/overview"
}
}
},
{
"type": "POLICY",
"name": "Outbound Response",
"description": "Authorization policies that apply to outbound responses from the API Service.",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "9e0ac671-c575-4735-bd6f-d80117cf0b87"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "OUTBOUND_RESPONSE"
}
}
]
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Basic Rules",
"description": "Authorization rules based on the API Service's basic rules configuration.\n\nThis policy only applies to outbound responses for the API Service.",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "RULE",
"name": "Permit by Default",
"description": "Rule that always returns a permit decision.\nFor use with policies that may include multiple rules and use the 'A single deny will override any permit decisions' combining algorithm.",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"effectSettings": {
"type": "UNCONDITIONAL_PERMIT"
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "ae1d0e9e-418c-4149-b0e9-d44548cfa59c",
"type": "apiServer",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/overview"
}
}
},
{
"type": "POLICY",
"name": "Custom",
"description": "To define custom authorization policies that apply to outbound responses for the API service, add policies or policy sets as children of this policy set.",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": false
},
"reference": {
"id": "ae1d0e9e-418c-4149-b0e9-d44548cfa59c",
"type": "apiServer",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/overview"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "ae1d0e9e-418c-4149-b0e9-d44548cfa59c",
"type": "apiServer",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/overview"
}
}
},
{
"type": "POLICY",
"name": "Operation \"Start a new game\"",
"description": "Authorization policies for the operation \"Start a new game\" within the API Service \"Meme Game\"",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "b21f105d-441b-42ff-87a5-57d7bde13a08"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "4d683952-54dc-4d90-ab09-b9baed43023d"
}
}
]
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Inbound Request",
"description": "Authorization policies that apply to inbound requests for the Operation.",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "9e0ac671-c575-4735-bd6f-d80117cf0b87"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "INBOUND_REQUEST"
}
}
]
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Basic Rules",
"description": "Authorization rules based on the Operation's basic rules configuration.\n\nThis policy only applies to inbound requests for the Operation.\n",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "RULE",
"name": "Permit by Default",
"description": "Rule that always returns a permit decision.\nFor use with policies that may include multiple rules and use the 'A single deny will override any permit decisions' combining algorithm.",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"effectSettings": {
"type": "UNCONDITIONAL_PERMIT"
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "4d683952-54dc-4d90-ab09-b9baed43023d",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/4d683952-54dc-4d90-ab09-b9baed43023d/edit"
}
}
},
{
"type": "POLICY",
"name": "Custom",
"description": "To define custom authorization policies that apply to inbound requests for the operation, add policies or policy sets as children of this policy set.",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": false
},
"reference": {
"id": "4d683952-54dc-4d90-ab09-b9baed43023d",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/4d683952-54dc-4d90-ab09-b9baed43023d/edit"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "4d683952-54dc-4d90-ab09-b9baed43023d",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/4d683952-54dc-4d90-ab09-b9baed43023d/edit"
}
}
},
{
"type": "POLICY",
"name": "Outbound Response",
"description": "Authorization policies that apply to outbound responses from the Operation.",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "9e0ac671-c575-4735-bd6f-d80117cf0b87"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "OUTBOUND_RESPONSE"
}
}
]
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Basic Rules",
"description": "Authorization rules based on the Operation's basic rules configuration.\n\nThis policy only applies to outbound responses for the Operation.\n",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "RULE",
"name": "Permit by Default",
"description": "Rule that always returns a permit decision.\nFor use with policies that may include multiple rules and use the 'A single deny will override any permit decisions' combining algorithm.",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"effectSettings": {
"type": "UNCONDITIONAL_PERMIT"
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "4d683952-54dc-4d90-ab09-b9baed43023d",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/4d683952-54dc-4d90-ab09-b9baed43023d/edit"
}
}
},
{
"type": "POLICY",
"name": "Custom",
"description": "To define custom authorization policies that apply to outbound responses for the operation, add policies or policy sets as children of this policy set.",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": false
},
"reference": {
"id": "4d683952-54dc-4d90-ab09-b9baed43023d",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/4d683952-54dc-4d90-ab09-b9baed43023d/edit"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "4d683952-54dc-4d90-ab09-b9baed43023d",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/4d683952-54dc-4d90-ab09-b9baed43023d/edit"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "4d683952-54dc-4d90-ab09-b9baed43023d",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/4d683952-54dc-4d90-ab09-b9baed43023d/edit"
}
}
},
{
"type": "POLICY",
"name": "Operation \"Get memes of another user\"",
"description": "Authorization policies for the operation \"Get memes of another user\" within the API Service \"Meme Game\"",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "b21f105d-441b-42ff-87a5-57d7bde13a08"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "d944cf75-db81-465e-af6d-5cb0b756eaba"
}
}
]
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Inbound Request",
"description": "Authorization policies that apply to inbound requests for the Operation.",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "9e0ac671-c575-4735-bd6f-d80117cf0b87"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "INBOUND_REQUEST"
}
}
]
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Basic Rules",
"description": "Authorization rules based on the Operation's basic rules configuration.\n\nThis policy only applies to inbound requests for the Operation.\n",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "RULE",
"name": "Permit by Default",
"description": "Rule that always returns a permit decision.\nFor use with policies that may include multiple rules and use the 'A single deny will override any permit decisions' combining algorithm.",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"effectSettings": {
"type": "UNCONDITIONAL_PERMIT"
}
},
{
"type": "RULE",
"name": "Group Membership Rule",
"description": "Rule that returns a deny decision if the user is not a member of any of the listed groups.",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"effectSettings": {
"type": "CONDITIONAL_PERMIT_ELSE_DENY",
"condition": {
"type": "OR",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "aa8de030-c2ec-4b51-b4e9-f799de8836ad"
},
"comparator": "IS_MEMBER_OF",
"right": {
"type": "CONSTANT",
"value": "4bdaabc0-51db-4a61-bae4-f93638b61d49"
}
}
]
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "d944cf75-db81-465e-af6d-5cb0b756eaba",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/d944cf75-db81-465e-af6d-5cb0b756eaba/edit"
}
}
},
{
"type": "POLICY",
"name": "Custom",
"description": "To define custom authorization policies that apply to inbound requests for the operation, add policies or policy sets as children of this policy set.",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": false
},
"reference": {
"id": "d944cf75-db81-465e-af6d-5cb0b756eaba",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/d944cf75-db81-465e-af6d-5cb0b756eaba/edit"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "d944cf75-db81-465e-af6d-5cb0b756eaba",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/d944cf75-db81-465e-af6d-5cb0b756eaba/edit"
}
}
},
{
"type": "POLICY",
"name": "Outbound Response",
"description": "Authorization policies that apply to outbound responses from the Operation.",
"enabled": true,
"statements": [],
"condition": {
"type": "AND",
"conditions": [
{
"type": "COMPARISON",
"left": {
"type": "ATTRIBUTE",
"id": "9e0ac671-c575-4735-bd6f-d80117cf0b87"
},
"comparator": "EQUALS",
"right": {
"type": "CONSTANT",
"value": "OUTBOUND_RESPONSE"
}
}
]
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Basic Rules",
"description": "Authorization rules based on the Operation's basic rules configuration.\n\nThis policy only applies to outbound responses for the Operation.\n",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "RULE",
"name": "Permit by Default",
"description": "Rule that always returns a permit decision.\nFor use with policies that may include multiple rules and use the 'A single deny will override any permit decisions' combining algorithm.",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"effectSettings": {
"type": "UNCONDITIONAL_PERMIT"
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "d944cf75-db81-465e-af6d-5cb0b756eaba",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/d944cf75-db81-465e-af6d-5cb0b756eaba/edit"
}
}
},
{
"type": "POLICY",
"name": "Custom",
"description": "To define custom authorization policies that apply to outbound responses for the operation, add policies or policy sets as children of this policy set.",
"enabled": true,
"statements": [],
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": false
},
"reference": {
"id": "d944cf75-db81-465e-af6d-5cb0b756eaba",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/d944cf75-db81-465e-af6d-5cb0b756eaba/edit"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "d944cf75-db81-465e-af6d-5cb0b756eaba",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/d944cf75-db81-465e-af6d-5cb0b756eaba/edit"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "d944cf75-db81-465e-af6d-5cb0b756eaba",
"type": "apiOperation",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/operations/d944cf75-db81-465e-af6d-5cb0b756eaba/edit"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "ae1d0e9e-418c-4149-b0e9-d44548cfa59c",
"type": "apiServer",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/overview"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
},
"reference": {
"id": "ae1d0e9e-418c-4149-b0e9-d44548cfa59c",
"type": "apiServer",
"uiDeepLink": "/apiServers/ae1d0e9e-418c-4149-b0e9-d44548cfa59c/overview"
}
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "API Access Management"
}
},
"restrictions": {
"readOnly": true,
"disallowChildren": true
}
},
"version": "0012360f-948e-421f-9d6e-4fc582bf6be5"
},
{
"_links": {
"self": {
"href": "https://api.pingone.com/v1/environments/abfba8f6-49eb-49f5-a5d9-80ad5c98f9f6/authorizationPolicies/177b5303-098b-4ea2-9cd0-be1f209458e7"
}
},
"id": "177b5303-098b-4ea2-9cd0-be1f209458e7",
"name": "Policies",
"description": "",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"combiningAlgorithm": {
"algorithm": "DENY_OVERRIDES"
},
"children": [
{
"type": "POLICY",
"name": "Test Authorization Policy",
"description": "Endpoint for creating a new authorization policy",
"enabled": true,
"statements": [
{
"name": "New statement",
"description": "",
"code": "CODE1",
"appliesTo": "ANYTHING",
"appliesIf": "PATH_MATCHES",
"payload": "",
"obligatory": false,
"attributes": []
}
],
"condition": {
"type": "EMPTY"
},
"combiningAlgorithm": {
"algorithm": "FIRST_APPLICABLE"
},
"children": [
{
"type": "RULE",
"name": "Test rule",
"description": "",
"enabled": true,
"statements": [],
"condition": {
"type": "EMPTY"
},
"effectSettings": {
"type": "UNCONDITIONAL_PERMIT"
}
}
]
},
{
"type": "POLICY",
"value": {
"id": "d12d0820-cf3a-4ad8-bcd6-13c59553a1f5"
}
}
],
"managedEntity": {
"owner": {
"service": {
"name": "Editor Service"
}
}
},
"version": "cb972b80-1faf-44fb-a89b-07e7cf9c6f05"
}
]
},
"count": 2,
"size": 2
}