Allowing attributes to be modified by administrators
To allow an account, such as an administrator account, to modify any attribute, the policy decision point (PDP) does not need to check the impactedAttributes attribute.
About this task
To create a policy that allows an administrator to modify any attributes, complete the following step.
Steps
- Create a policy, and then add a rule with the Effect set to Permit, basing the decision on the Condition that the user is an administrator.
  To check the user, for example, you can set up a condition to compare whether HttpRequest.AccessToken.scope equals administrator.