--- title: Statements description: Statements extend authorization decisions by instructing the policy decision service to perform additional processing. component: pingone page_id: pingone:authorization_using_pingone_authorize:p1az_policy_statements canonical_url: https://docs.pingidentity.com/pingone/authorization_using_pingone_authorize/p1az_policy_statements.html revdate: September 22, 2025 section_ids: statement-enforcement: Statement enforcement advice-and-obligations: Advice and obligations --- # Statements Statements extend authorization decisions by instructing the policy decision service to perform additional processing. Without statements, your policies can tell the decision service to either permit or deny a decision request. With statements, you can include additional information in `Permit` and `Deny` decisions, such as specifying response headers to add to `Permit` decisions or including reasons for denial with `Deny` decisions. | | | | - | ------------------------------------------------------------------------------------------------------------------------------- | | | Statements only apply to `Permit` or `Deny` decisions. They aren't returned with `Indeterminate` or `Not Applicable` decisions. | Statements enable you to be more expressive in your policies by allowing you to do things such as add or remove specific fields from requests and responses, [return statement codes to DaVinci flows](https://docs.pingidentity.com/connectors/p1az_connector.html#findStatement), update risk indicators, and provide authorized records for consent enforcement. ## Statement enforcement Statements processed by the dynamic authorization decision service can return statement codes and attributes in decision responses. With an API gateway integration, the API Access Management HTTP Access Policy Service can enforce built-in statements that filter and transform inbound request and outbound response data. PingOne Authorize provides [templates](p1az_statement_templates.html) for these built-in statements. ## Advice and obligations Statements are sometimes called *advice* and *obligations*. Authorization advice provides information about an authorization decision, such as the reason a transaction was denied. Obligations are conditions or actions that must be fulfilled along with an authorization decision. They enhance security, ensure compliance, or trigger other processes. For example, an obligation related to a payment might generate an email notification when a transaction is successful. PingOne Authorize handles obligations differently in dynamic authorization and API Access Management: * Dynamic authorization: PingOne Authorize doesn't enforce obligations in policies published to decision endpoints. The decision service includes the obligation in the decision response and it's the client's responsibility to enforce the obligation. * API Access Management: PingOne Authorize attempts to enforce obligations in policies published to API services. If the decision service can't fulfill an obligation, the decision evaluation fails and returns an error to the client. | | | | - | --------------------------------------------------------------------------------------------------------------------------- | | | If a non-obligatory statement can't be fulfilled, the decision service logs an error and continues the decision evaluation. | Learn more about using statements in policies in [Adding statements to policies and rules](p1az_adding_statements_to_policies_and_rules.html).