PingAuthorize

Visualizing a policy decision response

Visualize a decision by selecting a recent decision or by copying and pasting a decision from a log.

Steps

  1. Sign on to the PingAuthorize Policy Editor.

  2. Choose a method for visualizing a decision.

    Choose from:

    • Select a recent decision

      1. In the Policy Editor, go to Policies.

      2. Click the Decision Visualiser tab.

      3. Click Recent Decisions and select a decision.

      4. Click Visualise.

        You can control the number of recent decisions that appear in the list as explained in Setting the request list length for Decision Visualizer.

    • Copy and paste a decision from a log

      Before attempting to troubleshoot or trace a policy-decision response, ensure that the Policy Decision Logger is enabled. For more information, see Configuring PingAuthorize logging.

      Each policy-decision response is presented in JSON format. To view the details of a policy-decision response:

      1. From within the policy-decision file, copy the policy-decision response JSON.

      2. In the Policy Editor, go to Policies.

      3. Click the Decision Visualiser tab.

      4. Click Paste Logs.

      5. In the field beneath Paste Logs, paste the policy-decision response JSON.

      6. Click Visualise.

Result

An interactive decision tree of your policies is displayed.

Screen capture of the Policy Editor’s Decision Visualizer decision tree for an evaluated policy decision

This image depicts the final decision sent to the client. The node to the far left, Global Decision Point, represents the root node, and the child nodes contain the subset of policies and rules.

The following color-coded icons convey important information:

  • A green check mark indicates that the request permit on the policy or rule.

  • A red X indicates that the request deny on the policy or rule.

  • A gray N/A indicates that the request is not applicable to the policy or rule.

In the previous example, the client received a final decision of deny. The Token Validation policy permitted the request initially but was overridden after the Random Jokes API policy was applied.