Allowing attributes to be modified by administrators - PingAuthorize - 9.1

PingAuthorize

bundle
pingauthorize-91
ft:publication_title
PingAuthorize
Product_Version_ce
PingAuthorize 9.1
category
ContentType
Product
Productdocumentation
paz-91
pingauthorize
ContentType_ce
Product documentation

To allow any attribute to be modified, such as for an administrator account, the policy decision point (PDP) does not need to check the impactedAttributes attribute.

To create a policy that allows an administrator to modify any attributes, complete the following step.

Create a policy with a rule with Effect set to Permit the decision based on the Condition that the user is an administrator.

To check the user, for example, you can set up a condition to compare whether HttpRequest.AccessToken.scope equals administrator.