PingOne Platform APIs - Early Access

Authorization Conditions

Conditions in PingOne Authorize define authorization logic by comparing one thing to another. Conditions evaluate to either true or false. The authorization conditions service provides endpoints to create, read, update, test, and delete trust framework authorization conditions.

For detailed information about conditions resources and how to use condition comparators within the PingOne Authorize trust framework, refer to Conditions in the PingOne Cloud Platform Administrator Guide.

Authorization conditions data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| condition | Object | Required | Mutable | The authorization condition object. |
| condition.type | String | Required | Mutable | The authorization condition type. Options are COMPARISON, AND, OR, EMPTY, NOT, REFERENCE. |
| condition.conditions[] | Object | Required | Mutable | A set of conditions. |
| condition.conditions.type | String | Required | Mutable | The type of condition. |
| condition.conditions.comparator | String | Required | Mutable | The operator used to evaluate the condition. |
| condition.conditions.left | Object | Required | Mutable | An object that defines the left side of the condition statement. |
| condition.conditions.right | Object | Required | Mutable | An object that defines the right side of the condition statement. |
| description | String | Optional | Mutable | The authorization condition resource's description. |
| fullName | String | Required | Mutable | A unique name generated by the system for each authorization condition resource. It is the concatenation of names in the condition resource hierarchy. |
| id | String | N/A | Read only | The resource's unique identifier. |
| name | String | Required | Mutable | A user-friendly authorization condition name. |
| parent | Object | Optional | Mutable | The authorization condition resource's parent. |
| parent.id | String | Optional | Mutable | The authorization condition resource's parent ID. |
| type | String | Optional | Mutable | The condition resource's type. Options are CONDITION. |
| version | String | Required | Read only | A random ID generated by the system for concurrency control purposes. |

Authorization conditions condition type data model

| Condition type | Description |
|---|---|
| AND | The and logical condition. Additional properties are: `conditions`, the list of conditions that must all be met. |
| OR | The or logical condition. Additional properties are: `conditions`, the list of conditions of which at least one must be met. |
| NOT | The not logical condition. Additional properties are: `condition`, the condition to negate. |
| EMPTY | The empty condition, which specifies no conditions to be met. |
| REFERENCE | The reference condition. Additional properties are: `reference`, the reference object; `reference.id`, the ID of an authorization condition. |
| COMPARISON | The comparison condition. Additional properties are: `left`, the value on the left side of the comparison operator; `right`, the value on the right side of the comparison operator; `comparator`, the comparison operator. Options are IS_MEMBER_OF, IS_NOT_MEMBER_OF, CONTAINS_GROUP, DOES_NOT_CONTAIN_GROUP, CONTAINS, NOT_CONTAINS, EQUALS, NOT_EQUALS, GREATER_THAN, GREATER_THAN_OR_EQUAL, LESSER_THAN, LESSER_THAN_OR_EQUAL, REGULAR_EXPRESSION, STARTS_WITH, NOT_STARTS_WITH, ENDS_WITH, NOT_ENDS_WITH, MATCHES, NOT_MATCHES, IS_IN, IS_NOT_IN, IN_CIDR_BLOCK, NOT_IN_CIDR_BLOCK. |
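To make the condition data model concrete, the following added example (not part of this PingOne reference, and not PingOne's evaluation engine) builds a nested AND/OR/NOT/REFERENCE/COMPARISON condition document in the shape described above and evaluates it against a constructed request context. The operand shapes (`{"type": "ATTRIBUTE", "id": ...}` and `{"type": "CONSTANT", "value": ...}`), the context attribute names, the condition id `c-internal-network`, the treatment of EMPTY as satisfied, and the fail-closed handling of a missing attribute are all assumptions of this example; only a subset of the listed comparators is implemented.

```python
"""Illustrative evaluator for PingOne Authorize-style condition documents.

Example code only; operand shapes, EMPTY semantics and the fail-closed
handling of unresolvable attributes are assumptions, not PingOne behaviour.
"""
import ipaddress
import re
from typing import Any, Callable

# Constructed sample: attribute values a policy decision would read from the request context.
CONTEXT = {
    "User.Department": "finance",
    "User.Groups": ["payments-approvers", "staff"],
    "Request.Amount": 4200,
    "Request.SourceIp": "10.20.30.40",
}

# Constructed sample: stored conditions resolvable via REFERENCE, keyed by condition id.
CONDITION_STORE: dict[str, dict] = {
    "c-internal-network": {  # placeholder id, not a real PingOne resource id
        "type": "COMPARISON", "comparator": "IN_CIDR_BLOCK",
        "left": {"type": "ATTRIBUTE", "id": "Request.SourceIp"},
        "right": {"type": "CONSTANT", "value": "10.0.0.0/8"},
    },
}


def _cidr(value: Any, block: Any) -> bool:
    return ipaddress.ip_address(value) in ipaddress.ip_network(block, strict=False)


# Subset of the comparators listed in the data model; each takes (left, right).
COMPARATORS: dict[str, Callable[[Any, Any], bool]] = {
    "EQUALS": lambda l, r: l == r,
    "NOT_EQUALS": lambda l, r: l != r,
    "GREATER_THAN": lambda l, r: l > r,
    "GREATER_THAN_OR_EQUAL": lambda l, r: l >= r,
    "LESSER_THAN": lambda l, r: l < r,
    "LESSER_THAN_OR_EQUAL": lambda l, r: l <= r,
    "CONTAINS": lambda l, r: r in l,
    "NOT_CONTAINS": lambda l, r: r not in l,
    "STARTS_WITH": lambda l, r: str(l).startswith(r),
    "ENDS_WITH": lambda l, r: str(l).endswith(r),
    "REGULAR_EXPRESSION": lambda l, r: re.fullmatch(r, str(l)) is not None,
    "IS_IN": lambda l, r: l in r,
    "IS_NOT_IN": lambda l, r: l not in r,
    "IS_MEMBER_OF": lambda l, r: r in l,  # assumption: left is the subject's group list
    "IN_CIDR_BLOCK": _cidr,
    "NOT_IN_CIDR_BLOCK": lambda l, r: not _cidr(l, r),
}


def resolve(operand: dict, context: dict) -> Any:
    """Resolve a left/right operand (assumed shapes). Raises KeyError if the attribute is absent."""
    if operand["type"] == "ATTRIBUTE":
        return context[operand["id"]]
    if operand["type"] == "CONSTANT":
        return operand["value"]
    raise ValueError(f"unknown operand type {operand['type']!r}")


def evaluate(condition: dict, context: dict, store: dict) -> bool:
    """Evaluate a condition document to True or False."""
    t = condition["type"]
    if t == "COMPARISON":
        try:
            left = resolve(condition["left"], context)
            right = resolve(condition["right"], context)
        except KeyError:
            return False  # fail closed: an unresolvable attribute never satisfies a comparison
        return COMPARATORS[condition["comparator"]](left, right)  # KeyError if unsupported
    if t == "AND":
        return all(evaluate(c, context, store) for c in condition["conditions"])
    if t == "OR":
        return any(evaluate(c, context, store) for c in condition["conditions"])
    if t == "NOT":
        return not evaluate(condition["condition"], context, store)
    if t == "EMPTY":
        return True  # assumption: "no conditions to be met" counts as satisfied
    if t == "REFERENCE":
        return evaluate(store[condition["reference"]["id"]], context, store)
    raise ValueError(f"unknown condition type {t!r}")


# Constructed sample: finance approvers may approve payments up to 5000, or any amount
# from the internal network, and never from a department matching "contractor.*".
APPROVE_PAYMENT = {
    "type": "AND",
    "conditions": [
        {"type": "COMPARISON", "comparator": "EQUALS",
         "left": {"type": "ATTRIBUTE", "id": "User.Department"},
         "right": {"type": "CONSTANT", "value": "finance"}},
        {"type": "COMPARISON", "comparator": "IS_MEMBER_OF",
         "left": {"type": "ATTRIBUTE", "id": "User.Groups"},
         "right": {"type": "CONSTANT", "value": "payments-approvers"}},
        {"type": "OR", "conditions": [
            {"type": "COMPARISON", "comparator": "LESSER_THAN_OR_EQUAL",
             "left": {"type": "ATTRIBUTE", "id": "Request.Amount"},
             "right": {"type": "CONSTANT", "value": 5000}},
            {"type": "REFERENCE", "reference": {"id": "c-internal-network"}},
        ]},
        {"type": "NOT", "condition": {
            "type": "COMPARISON", "comparator": "REGULAR_EXPRESSION",
            "left": {"type": "ATTRIBUTE", "id": "User.Department"},
            "right": {"type": "CONSTANT", "value": "contractor.*"}}},
    ],
}


def decide(condition: dict = APPROVE_PAYMENT, context: dict = CONTEXT) -> bool:
    return evaluate(condition, context, CONDITION_STORE)


if __name__ == "__main__":
    print(decide())
```

One caveat worth testing in any condition model: a fail-closed comparison under NOT flips to True when the attribute is missing, so a negated condition can grant access on absent data unless the policy also asserts that the attribute is present.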

Event types

The audit reporting events applicable to the authorization condition service are:

| Topic | Event |
|---|---|
| authorize-model | AUTHORIZE_CONDITION.CREATED |
| authorize-model | AUTHORIZE_CONDITION.UPDATED |
| authorize-model | AUTHORIZE_CONDITION.DELETED |

Response codes

| Code | Message |
|---|---|
| 200 | Successful operation. |
| 201 | Successfully created. |
| 204 | Successfully removed. No content. |
| 400 | The request could not be completed. |
| 401 | You do not have access to this resource. |
| 403 | You do not have permissions or are not licensed to make this request. |
| 404 | The requested resource was not found. |