Creating a policy to control the set of actions for a specific resource - PingAuthorize

Creating a policy to control the set of actions for a specific resource - PingAuthorize - 9.2

PingAuthorize

bundle

pingauthorize-92

ft:publication_title

PingAuthorize

Product_Version_ce

PingAuthorize 9.2

category

ContentType

Product

Productdocumentation

paz-92

pingauthorize

ContentType_ce

Product documentation

For a given resource, control the outcomes (deny or permit) of actions on the resource. In particular, the policy focuses on the Users resource, and then denies deletes but permits retrieves.

In the Policy Editor, go to Policies in the left pane and then click Policies along the top.
From the + menu, select Add Policy.
For the name, replace Untitled with Control actions for the User resource.
Click the + next to Applies to.
Click Add definitions and targets, or drag from Components and add the SCIM2.Users service.
Set Combining Algorithm to Unless one decision is deny, the decision will be permit.

You should have a screen similar to the following one for the policy so far.
Add a rule to deny the deletion of User resources.
1. Click + Add Rule.
2. For the name, replace Untitled with Action: delete.
3. Set Effect to Deny.
4. Click + Comparison.
5. In the first field, click the A to toggle to an R and from that field's drop-down list, select Action.
6. In the second field, select Equals.
7. In the third field, select the delete action.
8. Add advice to provide a custom message.
  1. Within the rule, click Show Advice and Obligations.
  2. Click + next to Advice and Obligations.
  3. Click + Add Advice > Denied Reason.
  4. For the name, specify denied-reason.
  5. Set Applies To to Deny.
  6. In the Payload field:
    - Remove
      
      Example:
    - Change
      
      Human-readable error message
      
      to
      
      System has restricted the ability to delete User resources
9. Click Save changes.
  
  Your rule should be similar to the following one.
Add a rule to permit the retrieval of User resources.
1. Click + Add Rule.
2. For the name, replace Untitled with Action: retrieve.
3. Click + Comparison.
4. In the first field, click the A to toggle to an R and from that field's drop-down list, select Action.
5. In the second field, select Equals.
6. In the third field, select the retrieve action.
7. Click Save changes.
  
  Your rule should be similar to the following one.
Send test requests to the SCIM service and verify data using the Policy Editor's Decision Visualiser.