--- title: Authorization Conditions description: Conditions in PingOne Authorize define authorization logic by comparing one thing to another. Conditions evaluate to either true or false. The authorization conditions service provides endpoints to create, read, update, test, and delete trust framework authorization conditions. component: pingone-api-ea page_id: pingone-api-ea:authorize:early-access/pingone-authorize-admin-apis/pingauthorize-trust-framework/authorization-conditions canonical_url: https://developer.pingidentity.com/pingone-api-ea/authorize/early-access/pingone-authorize-admin-apis/pingauthorize-trust-framework/authorization-conditions.html section_ids: authorization-conditions-data-model: Authorization conditions data model authorization-condition-conditions-data-model: Authorization conditions condition type data model event-types: Event types response-codes: Response codes --- # Authorization Conditions Conditions in PingOne Authorize define authorization logic by comparing one thing to another. Conditions evaluate to either true or false. The authorization conditions service provides endpoints to create, read, update, test, and delete trust framework authorization conditions. | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | For detailed information about conditions resources and how to use condition comparators within the PingOne Authorize trust framework, refer to [Conditions](https://docs.pingidentity.com/pingone/authorization_using_pingone_authorize/p1az_conditions.html) in the *PingOne Cloud Platform Administrator Guide*. | ## Authorization conditions data model | Property | Type | Required | Mutable | Description | | --------------------------------- | ------ | -------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------ | | `condition` | Object | Required | Mutable | The authorization condition object. | | `condition.type` | String | Required | Mutable | The authorization condition type. Options are `COMPARISON`, `AND`, `OR`, `EMPTY`, `NOT`, `REFERENCE`. | | `condition.conditions[]` | Object | Required | Mutable | A set of conditions. | | `condition.conditions.type` | String | Required | Mutable | The type of condition. | | `condition.conditions.comparator` | String | Required | Mutable | The operator used to evaluate the condition. | | `condition.conditions.left` | Object | Required | Mutable | An object that defines the left side of the condition statement. | | `condition.conditions.right` | Object | Required | Mutable | An object that defines the right side of the condition statement. | | `description` | String | Optional | Mutable | The authorization condition resource's description. | | `fullName` | String | Required | Mutable | A unique name generated by the system for each authorization condition resource. It is the concatenation of names in the condition resource hierarchy. | | `id` | String | N/A | Read only | The resource's unique identifier. | | `name` | String | Required | Mutable | A user-friendly authorization condition name. | | `parent` | Object | Optional | Mutable | The authorization condition resource's parent. | | `parent.id` | String | Optional | Mutable | The authorization condition resource's parent ID. | | `type` | String | Optional | Mutable | The condition resource's type. Options are `CONDITION`. | | `version` | String | Required | Read only | A random ID generated by the system for concurrency control purposes. | ## Authorization conditions condition type data model | Condition type | Description | | -------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `AND` | The `and` logical condition. Additional properties are:\* `conditions`, the list of conditions that must be met. | | `OR` | The `or` logical condition. Additional properties are:\* `conditions`, the list of conditions of which one must be met. | | `NOT` | The `not` logical condition. Additional properties are:\* `condition`, the list of conditions. | | `EMPTY` | The `empty` condition, which specifies no conditions to be met. | | `REFERENCE` | The `reference` condition. Additional properties are:\* `reference`, the reference object.\* `reference.id`, the ID of an authorization condition. | | `COMPARISON` | The comparison condition. Additional properties are:\* `left`, the value on the left side of the comparison operator.\* `right`, the value on the right side of the comparison operator.\* `comparator`, the comparison operator. Options are `IS_MEMBER_OF`, `IS_NOT_MEMBER_OF`, `CONTAINS_GROUP`, `DOES_NOT_CONTAIN_GROUP`, `CONTAINS`, `NOT_CONTAINS`, `EQUALS`, `NOT_EQUALS`, `GREATER_THAN`, `GREATER_THAN_OR_EQUAL`, `LESSER_THAN`, `LESSER_THAN_OR_EQUAL`, `REGULAR_EXPRESSION`, `STARTS_WITH`, `NOT_STARTS_WITH`, `ENDS_WITH`, `NOT_ENDS_WITH`, `MATCHES`, `NOT_MATCHES`, `IS_IN`, `IS_NOT_IN`, `IN_CIDR_BLOCK`, `NOT_IN_CIDR_BLOCK` | | | | ## Event types The audit reporting events applicable to the authorization condition service are: | Topic | Event | | ----------------- | ----------------------------- | | `authorize-model` | `AUTHORIZE_CONDITION.CREATED` | | `authorize-model` | `AUTHORIZE_CONDITION.UPDATED` | | `authorize-model` | `AUTHORIZE_CONDITION.DELETED` | ## Response codes | Code | Message | | ---- | --------------------------------------------------------------------- | | 200 | Successful operation. | | 201 | Successfully created. | | 204 | Successfully removed. No content. | | 400 | The request could not be completed. | | 401 | You do not have access to this resource. | | 403 | You do not have permissions or are not licensed to make this request. | | 404 | The requested resource was not found. |