Page created: 17 Feb 2022
|
Page updated: 29 Jul 2022
| 1 min read
Product PingAuthorize 9.1 Content Type Product documentation Administration
For a given resource type, restrict the ability to delete. In particular, the policy focuses on the delete action and then denies the action when the resource type is Devices.
- In the Policy Editor, go to Policies in the left pane and then click Policies along the top.
- From the + menu, select Add Policy.
- For the name, replace Untitled with User cannot delete a Device resource.
- Click the + next to Applies to.
- Click Add definitions and targets, or drag from Components and add the delete action.
-
Set Combining Algorithm to Unless one
decision is deny, the decision will be permit.
You should have a screen similar to the following one for the policy so far.
-
Add a rule to deny the deletion of Device resources.
- Click + Add Rule.
- For the name, replace Untitled with If the SCIM resource type is Device, then deny.
- Set Effect to Deny.
- Click + Comparison.
- In the Select an Attribute list, select the SCIM2.resource.meta.resourceType attribute.
- In the second field, select Equals.
- In the third field, specify Devices as the constant.
-
Add advice to provide a custom message.
- Within the rule, click Show Advice and Obligations.
- Click + next to Advice and Obligations.
- Click + Add Advice > Denied Reason.
- For the name, specify denied-reason.
- Set Applies To to Deny.
- In the Payload field:
-
Remove
Example:
-
Change
Human-readable error message
to
System has restricted the ability to delete Device resources
-
-
Click Save changes.
Your rule should be similar to the following one.
- Send test requests to the SCIM service and verify data using the Policy Editor's Decision Visualiser.