---
title: SCIM policy requests
description: For every System for Cross-domain Identity Management (SCIM) request or response, one or more policy requests are sent to the policy decision point (PDP) for authorization.
component: pingauthorize
version: 11.0
page_id: pingauthorize:pingauthorize_server_administration_guide:paz_scim_policy_requests
canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/pingauthorize_server_administration_guide/paz_scim_policy_requests.html
revdate: April 28, 2025
---

# SCIM policy requests

For every System for Cross-domain Identity Management (SCIM) request or response, one or more policy requests are sent to the policy decision point (PDP) for authorization.

Policies can use a policy request's `action` value to determine the processing phase and to act accordingly. Understanding how the SCIM service formulates policy requests will help you to create and troubleshoot policies more effectively.

Most SCIM operations are authorized in the following phases:

1. The operation itself is authorized.

2. The outgoing response is authorized with the `retrieve` action.

In most cases, you can reuse policies that target the `retrieve` action to specify read-access control rules. You can disable this `retrieve` action for a SCIM Resource Type if policies are only used for authorization before the operation. To do so, set the SCIM Resource Type's `disable-response-processing` property to `true`. The resource is then returned as-is after the operation completes. This property also affects SCIM searches.

| Operation                                                                              | Actions                                                                                                                                         |
| -------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
| `POST /scim/v2/<resourceType>`                                                         | `create`, `retrieve`                                                                                                                            |
| `GET /scim/v2/<resourceType>/<resourceId>`                                             | `retrieve`                                                                                                                                      |
| `PUT /scim/v2/<resourceType>/<resourceId>``PATCH /scim/v2/<resourceType>/<resourceId>` | `modify`, `retrieve`                                                                                                                            |
| `DELETE /scim/v2/<resourceType>/<resourceId>`                                          | `delete`                                                                                                                                        |
| `GET /scim/v2/<resourceType>``POST /scim/v2/<resourceType>/.search`                    | `search`, `retrieve`-OR-`search`, `search-results`Learn more about authorizing searches in [About SCIM searches](paz_about_scim_searches.html). |

Enable detailed decision logging and view all policy request attributes in action, particularly when learning how to develop SCIM policies. For more information, see [Policy Decision Logger](paz_enable_detailed_logging.html#policy_decision_logger).