--- title: Policies published to Authorize gateways description: Keep the following best practices in mind as you build policies and the Trust Framework configuration that you plan to publish to Authorize gateways. component: pingone page_id: pingone:integrations:p1_policies_published_to_authz_gateways canonical_url: https://docs.pingidentity.com/pingone/integrations/p1_policies_published_to_authz_gateways.html section_ids: policies: Policies information-points: Information points --- # Policies published to Authorize gateways Keep the following best practices in mind as you build policies and the Trust Framework configuration that you plan to publish to Authorize gateways. The following features aren't currently supported for Authorize gateway deployments: * Calls to gateway instances from the PingOne Authorize DaVinci connector * API Access Management in PingOne Authorize * The **Authorization Dashboard** doesn't track metrics for decision evaluations made by gateway instances. ## Policies You can use many of the policy authoring features available in PingOne Authorize. However, the following features aren't currently supported: * The **Has Permissions** condition comparator in policies and rules * Attributes listed under **PingOne > API Access Management** on the **Attributes** tab Policy features that rely on PingOne might increase decision request latency. These include: * **PingOne User** and **PingOne User ID** attribute resolvers * **Is Member Of** and **Is Not Member Of** condition comparators * PingOne Protect **Connector** services that provide risk information to gateway instances If your policies include these features, you must assign a built-in or custom administrator role to the Authorize gateway to give it additional permissions in PingOne. Learn more in [Managing Authorize gateway roles](p1_manage_authz_gateway_roles.html). ## Information points You can make calls to information points and self-managed services directly from gateway instances. When you [set up an HTTP service](../authorization_using_pingone_authorize/p1_az_connecting_an_http_service.html) in PingOne, use URLs for your local or private services instead of public URLs. The following features aren't supported: * You can't use an **LDAP Gateway** type service to access user information stored in a self-managed LDAP directory. * When [testing services](../authorization_using_pingone_authorize/p1_az_testing_tf_elements.html), you can't test calls to your local or private services. However, you can use overrides to mock the service response.