Page created: 17 Feb 2022
|
Page updated: 29 Jul 2022
| 2 min read
Product PingAuthorize 9.1 Content Type Product documentation Administration
Given an attribute defined in multiple resource types, modify the attribute
differently depending on the resource type. In particular, this policy focuses on the
retrieve action and changes the cn
attribute to one value for the Users
resource type and to another value for the Devices resource type.
- In the Policy Editor, go to Policies in the left pane and then click Policies along the top.
- From the + menu, select Add Policy.
- For the name, replace Untitled with Modify cn attribute based on the resource type.
- Click the + next to Applies to.
- Click Add definitions and targets, or drag from Components and add the retrieve action.
-
Set Combining Algorithm to Unless one
decision is deny, the decision will be permit.
You should have a screen similar to the following one for the policy so far.
-
Add a rule for the Users resource.
- Click + Add Rule.
- For the name, replace Untitled with If resource type is Users.
- Click + Comparison.
- From the Select an Attribute list, select the SCIM2.resource.meta.resourceType attribute.
- In the second field, select Equals.
- In the third field, specify Users as the constant.
-
Add advice to modify attributes.
- Within the rule, click Show Advice and Obligations.
- Click + next to Advice and Obligations.
- Click + Add Advice > Modify Attributes.
- For the name, specify Modify cn for users resource.
- Set Applies To to Permit.
- Set the Payload field to {"cn":"USERS_MOD"}.
-
Click Save changes.
Your rule should be similar to the following one.
-
Add a rule for the Devices resource.
- Click + Add Rule.
- For the name, replace Untitled with If resource type is Devices.
- Click + Comparison.
- From the Select an Attribute list, select the SCIM2.resource.meta.resourceType attribute.
- In the second field, select Equals.
- In the third field, specify Devices as the constant.
-
Add advice to modify attributes.
- Within the rule, click Show Advice and Obligations.
- Click + next to Advice and Obligations.
- Click + Add Advice > Modify Attributes.
- For the name, specify Modify cn for devices resource.
- Set Applies To to Permit.
- Set the Payload field to {"cn":"DEVICES_MOD"}.
-
Click Save changes.
Your rule should be similar to the following one.
- Send test requests to the SCIM service and verify data using the Policy Editor's Decision Visualiser.