The SCIM service translates each SCIM request or response into one or more policy requests to the policy decision point (PDP).

These policy requests have an action value that you can reference in the policies you write to deny or permit the action.

For more background information, see About the SCIM service.

For more information about actions, see SCIM policy requests.

This feature is useful for:
  • Data control
  • Information security
  • Resource management
Example scenarios include:
  • A bank that wants to prevent delete operations of their client profiles
  • A health care system that should only allow the creation of new patient records and should not allow the modification of existing patient records
  • A university system that only allows the retrieval of student information from the student's defined department; the system can modify the information differently based on the department