Statements are directives that instruct the policy decision service to perform additional processing in conjunction with an authorization decision.
Without statements, your policies can tell the decision service to either permit or deny a decision request. With statements, you can include additional information in permit and deny decisions, such as adding response headers when the decision is permit and including a message when the decision is deny. For a statement to apply, the rule or policy must return a permit or deny decision. Statements aren’t returned with decisions that are indeterminate or not applicable.
Statements enable you to be more expressive in your policies by allowing you to do things such as add or remove specific fields from requests and responses, return statement codes to DaVinci flows, update risk indicators, and provide authorized records for consent enforcement.
Statements are sometimes called advice and obligations. An obligation is an advice statement that must be fulfilled as a condition of authorizing the decision request.
Statements processed by the dynamic authorization decision service can return statement codes and attributes in decision responses. With an API gateway integration, the API Access Management HTTP Access Policy Service can enforce built-in statements that filter and transform inbound request and outbound response data. PingOne Authorize provides templates for these built-in statements.
For information about using statements in policies, see Adding statements to policies and rules.
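How an enforcement point might act on the statements described above, as an added example that is not PingOne Authorize code. The response field names (`decision`, `statements`, `code`, `payload`, `obligatory`), the statement codes, and the choice to refuse indeterminate or not-applicable results are assumptions made for illustration.

```python
# Added example: an enforcement point applying statements from a decision.
# Field names and statement codes are assumed, and all samples are constructed.

def add_header(ctx, payload):
    name, _, value = payload.partition(":")
    ctx["headers"][name.strip()] = value.strip()

def denied_reason(ctx, payload):
    ctx["message"] = payload

# Statement codes this enforcement point can fulfil (hypothetical codes).
HANDLERS = {"add-header": add_header, "denied-reason": denied_reason}

def enforce(response):
    """Return (allowed, ctx) for one decision response."""
    ctx = {"headers": {}, "message": None, "unfulfilled": []}
    decision = response.get("decision")
    # Statements only apply to permit or deny. Any other result carries none,
    # and this enforcement point refuses the request (assumed policy).
    if decision not in ("PERMIT", "DENY"):
        return False, ctx
    allowed = decision == "PERMIT"
    for st in response.get("statements", []):
        handler = HANDLERS.get(st.get("code"))
        try:
            if handler is None:
                raise LookupError("no handler for statement code")
            handler(ctx, st.get("payload", ""))
        except Exception:
            ctx["unfulfilled"].append(st.get("code"))
            # An obligation that cannot be fulfilled blocks authorization;
            # unfulfilled advice is recorded and otherwise ignored.
            if st.get("obligatory"):
                allowed = False
    return allowed, ctx

# Constructed sample responses.
PERMIT_HEADER = {"decision": "PERMIT", "statements": [
    {"code": "add-header", "payload": "X-Consent: verified", "obligatory": True}]}
PERMIT_UNKNOWN_OBLIGATION = {"decision": "PERMIT", "statements": [
    {"code": "redact-field", "payload": "$.ssn", "obligatory": True}]}
PERMIT_UNKNOWN_ADVICE = {"decision": "PERMIT", "statements": [
    {"code": "redact-field", "payload": "$.ssn", "obligatory": False}]}
DENY_MESSAGE = {"decision": "DENY", "statements": [
    {"code": "denied-reason", "payload": "Consent not on file", "obligatory": False}]}
INDETERMINATE = {"decision": "INDETERMINATE", "statements": [
    {"code": "add-header", "payload": "X-Consent: verified", "obligatory": True}]}
```

The same unknown statement code produces a refusal when it is an obligation and a permit when it is advice, which is the difference an enforcement point has to implement.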