PingAuthorize

Repeating policies and attributes

Use repeating policies and attributes to evaluate a policy multiple times—once for each item in a collection.

For example, assume the Accounts attribute contains a list of accounts associated with a customer. You want to filter access to the accounts based on the account type. With repeating policies, a decision is made for each item in the Accounts attribute, returning statements for each account that is permitted.

Repeating policies

To make a policy repeat, from the hamburger menu, select Add repetition settings.

You can only add repetition settings to an existing policy. The hamburger menu to add these settings does not appear when you are creating a new policy.

Screen capture of a policy screen that shows the hamburger menu options, including the Add repetition settings menu item

The policy repetition settings are as follows:

  • Apply this policy to each item of

    This specifies the collection attribute to repeat over, referred to as the repetition source.

  • Filtering by

    This represents the decision and any attached statement to filter by.

The following example uses the Accounts attribute and Permit decision. In this case, the policy applies to every item in the Accounts collection attribute. The policy keeps each result that returns Permit.Screen capture of the Repetition Settings, including drop-down lists for Apply this policy to each item of and Filtering by

When you define rules and statements for a repeating policy, you can use:

  • Attributes with no repetition source

  • Attributes with the same repetition source as the policy

Repeating attributes

To make an attribute repeat, from the hamburger menu, select Add repetition settings.

You can only add repetition settings to an existing attribute. The hamburger menu to add these settings does not appear when you are creating a new attribute.

Screen capture of an attribute screen that shows the hamburger menu with the Add repetition settings menu item

The attribute repetition settings are as follows:

  • Repeat for each item of

    This specifies the attribute to repeat over, referred to as the repetition source.

    If you set this field, you can only use the attribute in repeating policies. However, the attribute can then resolve against attributes repeating against the same collection. The attribute can still resolve against attributes that do not have this field set.

  • Resolvers, Value Processors, Caching

    For a resolver, if Resolver type is Current Repetition Value, resolution is against individual items in the collection itself.

    For information about these items, see Resolvers, Processors, and Attribute caching.

    You can use repeating attributes in named conditions and value processors. If an attribute uses a named condition or value processor, any repeating attributes referenced in the condition or value processor must have the same repetition source as the attribute itself. If a policy uses a named condition, any repeating attributes referenced in the condition must have the same repetition source as the policy itself.