In this example, PingDataGovernance Server functions as the policy enforcement type.

Advices allow PingDataGovernance Server to do more than allow or deny access to an API resource. For example, an advice might cause the removal of a specific set of fields from a response.

You can add an advice directly to a single policy or rule, or add an advice in Components for use with multiple policies or rules. Advices possess the following significant properties.

Advice property Description
Name Friendly name for the advice.
Obligatory If true, the advice must be fulfilled as a condition of authorizing the request. If PingDataGovernance cannot fulfill an obligatory advice, it fails the operation and returns an error to the client application. If a non-obligatory advice cannot be fulfilled, an error is logged, but the client's requested operation continues.
Code Identifies the advice type. This value corresponds to an advice ID that the PingDataGovernance configuration defines.
Applies To Specifies the policy decisions, such as Permit or Deny, that include the advice with the policy result.
Payload Set of parameters governing the actions that the advice performs when it is applied. The appropriate payload value depends on the advice type.

PingDataGovernance supports the following advice types:

  • Add Filter
  • Combine SCIM Search Authorizations
  • Denied Reason
  • Exclude Attributes
  • Filter Response
  • Include Attributes
  • Modify Attributes
  • Modify Headers
  • Modify Query
  • Modify SCIM Patch
  • Regex Replace Attributes

The following sections describe these advice types in more detail. To develop custom advice types, use the Server SDK.

Note:

Many advice types let you use the JSONPath expression language to specify JSON field paths. To experiment with JSONPath, use the Jayway JSONPath Evaluator tool.