--- title: Authorization Rules description: Rules in PingOne Authorize identify the statements and conditions by which a decision node is evaluated. If the condition is true, the decision node is evaluated. Otherwise, it is not. PingOne Authorize policies can combine multiple rules to produce a Permit, Deny, Indeterminate, or Not Applicable decision. component: pingone-api-ea page_id: pingone-api-ea:authorize:early-access/pingone-authorize-admin-apis/pingauthorize-editor-policy-management/authorization-rules canonical_url: https://developer.pingidentity.com/pingone-api-ea/authorize/early-access/pingone-authorize-admin-apis/pingauthorize-editor-policy-management/authorization-rules.html section_ids: authorization-rules-data-model: Authorization rules data model event-types: Event types response-codes: Response codes --- # Authorization Rules Rules in PingOne Authorize identify the statements and conditions by which a decision node is evaluated. If the condition is true, the decision node is evaluated. Otherwise, it is not. PingOne Authorize policies can combine multiple rules to produce a Permit, Deny, Indeterminate, or Not Applicable decision. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | For detailed information, refer to [Combining algorithms](https://docs.pingidentity.com/pingone/authorization_using_pingone_authorize/p1az_combining_algorithm.html) in the *PingOne Cloud Platform Administrator Guide*. | ## Authorization rules data model | Property | Type | Required | Mutable | Description | | ---------------- | ------- | -------- | --------- | ----------------------------------------------------------------------------------------------------------------- | | `condition` | Object | Optional | Mutable | The authorization condition object. For details, refer to [Authorization Conditions](#authorization-conditions). | | `description` | String | Optional | Mutable | The authorization rule resource's description. | | `effectSettings` | Object | Required | Immutable | An object that determines how the children are combined to produce an outcome for the policy. | | `enabled` | Boolean | Optional | Mutable | The setting that determines whether the decision node is evaluated. The default value is `true`. | | `id` | UUID | Required | Read only | The resource's unique identifier. | | `name` | String | Required | Mutable | A user-friendly authorization rule name. The `name` value must be unique. | | `statements` | Object | Optional | Mutable | The authorization statements object. For details, refer to [Authorization Statements](#authorization-statements). | | `type` | String | Required | Immutable | The condition resource's type. Options are `CONDITION`. | | `version` | UUID | Required | Read only | A random ID generated by the system for concurrency control purposes. | ## Event types The audit reporting events applicable to the authorization rules service are: | Topic | Event | | ----------------- | ------------------------- | | `authorize-model` | `AUTHORIZE_RULES.CREATED` | | `authorize-model` | `AUTHORIZE_RULES.UPDATED` | | `authorize-model` | `AUTHORIZE_RULES.DELETED` | ## Response codes | Code | Message | | ---- | --------------------------------------------------------------------- | | 200 | Successful operation. | | 201 | Successfully created. | | 204 | Successfully removed. No content. | | 400 | The request could not be completed. | | 401 | You do not have access to this resource. | | 403 | You do not have permissions or are not licensed to make this request. | | 404 | The requested resource was not found. |