When a policy is applied to a request or response, the policy result might include one or more advices. An advice is a directive that instructs the policy enforcement point to perform additional processing in conjunction with an authorization decision.
In this example, PingDataGovernance Server functions as the policy enforcement type.
Advices allow PingDataGovernance Server to do more than allow or deny access to an API resource. For example, an advice might cause the removal of a specific set of fields from a response.
You can add an advice directly to a single policy or rule, or add an advice in Components for use with multiple policies or rules. Advices possess the following significant properties.
Advice property | Description |
---|---|
Name
|
Friendly name for the advice. |
Obligatory
|
If true , the advice must be fulfilled as a condition of
authorizing the request. If PingDataGovernance cannot
fulfill an obligatory advice, it fails the operation and returns an error to
the client application. If a non-obligatory advice cannot be fulfilled, an
error is logged, but the client's requested operation continues. |
Code
|
Identifies the advice type. This value corresponds to an advice ID that the PingDataGovernance configuration defines. |
Applies To
|
Specifies the policy decisions, such as Permit
or Deny , that include the advice with the
policy result. |
Payload
|
Set of parameters governing the actions that the advice performs when it is applied. The appropriate payload value depends on the advice type. |
PingDataGovernance supports the following advice types:
- Add Filter
- Combine SCIM Search Authorizations
- Denied Reason
- Exclude Attributes
- Filter Response
- Include Attributes
- Modify Attributes
- Modify Headers
- Modify Query
- Modify SCIM Patch
- Regex Replace Attributes
The following sections describe these advice types in more detail. To develop custom advice types, use the Server SDK.
Many advice types let you use the JSONPath expression language to specify JSON field paths. To experiment with JSONPath, use the Jayway JSONPath Evaluator tool.