PingAuthorize

Adding targets to a policy

Add targets to identify the requests to which the policy applies its fine-grained authorization logic. If no targets are attached to a policy, the policy applies to all requests. To make a policy only apply for all requests to a certain database, for example, add the database domain as a target.

Steps

  1. Go to the policy where you want to add targets.

  2. Click the next to Applies to.

  3. In the left pane, click Components.

    The list of components includes the items you created in the Trust Framework. Drag the appropriate domains, services, identity classes, and actions from the components to the Applies to target section on the policy.

    For example, to target Mobile Banking requests, drag that domain in. To target all banking groups, add the Banking Channels domain, which is the parent of the Online Banking and Mobile Banking domains. Because the top level is also a target, this step adds a total of three targets.

    Screen capture of the Components tab showing Rules, Targets, Statements, Domains, and Services

  4. Click Save changes.

Example

The following example features three domains because the Banking Channels definition is the parent of the other definitions. Logically, applying an OR operation within the definition type selects one of the channels.

The following graph shows how the server evaluates the group of targets.

Diagram showing evaluation of targets with OR operations between domains, an OR operation between actions, and then AND operations across domains, services, and actions