---
title: Adding and testing a policy
description: Learn how to add and test a dynamic authorization policy that uses an attribute.
component: pingone
page_id: pingone:authorization_using_pingone_authorize:p1az_tutorial_adding_and_testing_policies
canonical_url: https://docs.pingidentity.com/pingone/authorization_using_pingone_authorize/p1az_tutorial_adding_and_testing_policies.html
revdate: May 15, 2024
section_ids:
  tutorial-add-policy: Adding a policy
  steps: Steps
  result: Result:
  result-2: Result:
  tutorial-test-policy: Testing the policy
  about-this-task: About this task
  steps-2: Steps
  result-3: Result:
  result-4: Result:
  next-steps: Next steps
---

# Adding and testing a policy

Learn how to add and test a dynamic authorization policy that uses an attribute.

## Adding a policy

Policies model business requirements into authorization logic. They're built by business analysts who understand your application requirements and the regulations you're complying with.

Let's add a policy that will deny payments over 10,000 USD.

### Steps

1. Go to **Authorization > Policies**.

   On the **Policies** tab, you'll see the default policy set called **Policies**. Policy sets are like folders that you can use to group and organize policies. You're going to add your policy to the default policy set.

   ![Screen capture of the Policies policy set on the Policies tab.](_images/tdv1637365837651.png)

2. Select the root policy set **Policies**, then click the **[icon: plus, set=fa]**icon and select **Add Policy**.

3. For the policy **Name**, enter `Payment checks`.

   The red dot on the right indicates that there are unsaved changes in the policy.

   ![Screen capture of the policy name showing the red dot indicating unsaved changes.](_images/guy1637366184509.png)

   Now you need a rule that defines the policy logic.

4. Click **[icon: plus, set=fa]Add Rule**.

   To keep things simple, leave out the description for now. When you develop your own policies, you can enter a description to document the underlying business case for the rule or the specific business policy the rule is enforcing.

5. For the rule **Name**, enter `Deny payments over 10000 USD`.

6. Because you want to deny certain payments, select **Deny** for the **Effect**.

   Let's make a comparison to determine if the payment amount is over $10,000 USD.

7. Click the hamburger menu next to the **Name** field and select **Add "Applies When"**.

   1. In the **Applies When** section, click **[icon: plus, set=fa]Comparison**.

   2. In **Select an attribute**, select **Amount**, which is the attribute that you added to the **Trust Framework**.

   3. For the comparator, select **Greater Than Or Equal**.

   4. For the constant value, enter `10000`.

      #### Result:

      Your rule looks like this:

      ![Screen capture of the Deny payments over 10000 USD rule showing the comparison to determine if the payment amount is over 10000.](_images/p1az-tutorial-deny-payment-rule.png)

8. Click **Save changes**.

   #### Result:

   Your new policy is displayed in the default policy set.

   ![Screen capture of the Payment checks policy nested under the default Policies policy set.](_images/hst1637367410176.png)

## Testing the policy

### About this task

Next you'll test your policy to make sure it does what you expect.

### Steps

1. Go to **Authorization > Policies**, then select the **Payment checks** policy and click the **Test** tab.

2. In the **Request** section, in the **Attributes** list, select the **Amount** attribute and enter `10900` as the attribute value.

   ![Screen capture of the Testing Scenario tab showing a request with the Amount attribute set to a value of 10900.](_images/ved1637446522210.png)

3. Click **Execute**.

   #### Result:

   The **Visualization** tab shows a deny result, as you'd expect, because the amount is over 10000. The policy is working.

   ![Screen capture showing the visualization flow of the deny result.](_images/nri1637446893971.png)

   Now let's test a value less than 10,000 to see if the policy handles it.

4. Click the **Testing Scenario** tab, enter `9900` as the attribute value, and click **Execute**.

   ![Screen capture of the Testing Scenario tab showing a request with the Amount attribute set to a value of 9900.](_images/ble1637447542764.png)

   #### Result:

   A second **Test Results** tab is displayed that shows a result that's not applicable. Your rule only applies to amounts greater than or equal to 10000, so right now the rule doesn't apply to amounts less than 10000. This neutral decision indicates that the policy doesn't apply in this situation.

   ![Screen capture showing the visualization flow of the not applicable result.](_images/hvh1637447968820.png)

   You have more work to do with your policy to account for amounts less than $10,000 USD.

### Next steps

You used the amount attribute to build a basic policy with a rule that denies payments over $10,000 USD. Then you tested your policy and found that it doesn't account for payments less than $10,000 USD.

Let's [update and retest the policy](p1az_tutorial_updating_and_retesting_policies.html).