--- title: Policy Based Access Control Handler description: A policy based access control handler implements a coarse grained access control model suitable for use in proxies. component: pingds version: 8.1 page_id: pingds:configref:objects-policy-based-access-control-handler canonical_url: https://docs.pingidentity.com/pingds/8.1/configref/objects-policy-based-access-control-handler.html section_ids: parent: Parent dependencies: Dependencies policy_based_access_control_handler_properties: Policy Based Access Control Handler properties basic_properties: Basic properties enabled: enabled advanced_properties: Advanced properties java-class: java-class --- # Policy Based Access Control Handler A policy based access control handler implements a coarse grained access control model suitable for use in proxies. Access control rules are defined using individual access control policy entries. A user's access is defined as the union of all access control rules that apply to that user. In other words, an individual access control rule can only grant additional access and can not remove rights granted by another rule. This approach results in an access control policy which is easier to understand and audit, since all rules can be understood in isolation. ## Parent The Policy Based Access Control Handler object inherits from [Access Control Handler](objects-access-control-handler.html). ## Dependencies Policy Based Access Control Handlers depend on the following objects: * [Global Access Control Policy](objects-global-access-control-policy.html) ## Policy Based Access Control Handler properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | Advanced Properties | | ------------------- | ------------------------- | | [enabled](#enabled) | [java-class](#java-class) | ### Basic properties Use the `--advanced` option to access advanced properties. ### enabled | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Indicates whether the Access Control Handler is enabled. If set to FALSE, then any client (including unauthenticated or anonymous clients) is allowed to bind to the server and any connection with the "bypass-acl" privilege is allowed to perform any operation. | | *Default value* | None | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ## Advanced properties Use the `--advanced` option to access advanced properties. ### java-class | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the fully-qualified name of the Java class that provides the Policy Based Access Control Handler implementation. | | *Default value* | org.opends.server.authorization.policy.PolicyBasedAccessControlHandler | | *Allowed values* | A Java class that extends or implements:- org.opends.server.api.AccessControlHandler | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | The object must be disabled and re-enabled for changes to take effect. | | *Advanced* | Yes | | *Read-only* | No |