Repeating policies and attributes
Use repeating policies and attributes to evaluate a policy multiple times—once for each item in a collection.
For example, assume the Accounts
attribute contains a list of accounts associated with a customer. You want to filter access to the accounts based on the account type. With repeating policies, a decision is made for each item in the Accounts
attribute, returning statements for each account that is permitted.
Repeating policies
To make a policy repeat, from the hamburger menu, select Add repetition settings.
You can only add repetition settings to an existing policy. The hamburger menu to add these settings does not appear when you are creating a new policy. |
The policy repetition settings are as follows:
-
Apply this policy to each item of
This specifies the collection attribute to repeat over, referred to as the repetition source.
-
Filtering by
This represents the decision and any attached statement to filter by.
The following example uses the Accounts
attribute and Permit
decision. In this case, the policy applies to every item in the Accounts
collection attribute. The policy keeps each result that returns Permit.
When you define rules and statements for a repeating policy, you can use:
-
Attributes with no repetition source
-
Attributes with the same repetition source as the policy
Repeating attributes
To make an attribute repeat, from the hamburger menu, select Add repetition settings.
You can only add repetition settings to an existing attribute. The hamburger menu to add these settings does not appear when you are creating a new attribute. |
The attribute repetition settings are as follows:
-
Repeat for each item of
This specifies the attribute to repeat over, referred to as the repetition source.
If you set this field, you can only use the attribute in repeating policies. However, the attribute can then resolve against attributes repeating against the same collection. The attribute can still resolve against attributes that do not have this field set.
-
Resolvers, Value Processors, Caching
For a resolver, if Resolver type is Current Repetition Value, resolution is against individual items in the collection itself.
For information about these items, see Resolvers, Processors, and Attribute caching.
You can use repeating attributes in named conditions and value processors. If an attribute uses a named condition or value processor, any repeating attributes referenced in the condition or value processor must have the same repetition source as the attribute itself. If a policy uses a named condition, any repeating attributes referenced in the condition must have the same repetition source as the policy itself.