Search request authorization

In the first phase, a policy request is issued for the search itself, using the search action. If the policy result is deny, the search is not performed. Otherwise, statements in the policy result are applied to the search filter, giving statements a chance to alter the filter.

You can also use the Combine SCIM Search Authorizations statement type at this point. If you use this statement, search results are authorized by using a special mode, described in Search response authorization.