Policies
Authorization policies let AM determine whether to grant a subject access to a resource.
A policy defines the following:
- resources
-
The resource to which access is restricted, such as a web page, a mobile app, or a boarding area in an airport.
- actions
-
The verbs that describe what users can do to the resource, such as read a web page, submit a web form, or access a boarding area.
- subject conditions
-
Who the policy applies to, such as all authenticated users, only administrators, or only passengers with valid tickets for planes leaving soon.
- environment conditions
-
The circumstances under which the policy applies, such as only during work hours, only when accessing from a specific IP address, or only when the flight is scheduled to leave within the next four hours.
- response attributes
-
Information that AM attaches to a response following a policy decision, such as a name, email address, or frequent flyer status.
Policy conditions don’t determine the outcome of the policy but determine whether a specific policy is applicable and whether its actions should contribute towards the overall policy decision. If a condition fails (due to authentication failure, for example), AM disregards the corresponding policy and assesses any other configured policies to make the authorization decision. |