Allowing attributes to be modified by administrators - PingAuthorize - 9.3

PingAuthorize 9.3

bundle
pingauthorize-93
ft:publication_title
PingAuthorize 9.3
Product_Version_ce
PingAuthorize 9.3 (Latest)
category
ContentType
Product
Productdocumentation
paz-93
pingauthorize
ContentType_ce
Product documentation

To allow any attribute to be modified, such as for an administrator account, the policy decision point (PDP) does not need to check the impactedAttributes attribute.

To create a policy that allows an administrator to modify any attributes, complete the following step.

Create a policy, and then add a rule with the Effect set to Permit the decision based on the Condition that the user is an administrator.

To check the user, for example, you can set up a condition to compare whether HttpRequest.AccessToken.scope equals administrator.