For a given resource, control the outcomes (deny or permit) of actions on the
resource. In particular, the policy focuses on the Users resource, and then denies deletes
but permits retrieves.
-
In the Policy Editor, go to Policies in
the left pane and then click Policies along the
top.
-
From the + menu, select Add
Policy.
-
For the name, replace Untitled with Control
actions for the User resource.
-
Click the + next to Applies
to.
-
Click Add definitions and targets, or drag from
Components and add the SCIM2.Users
service.
-
Set Combining Algorithm to Unless one
decision is deny, the decision will be permit.
You should have a screen similar to the following one for the policy so
far.
-
Add a rule to deny the deletion of User resources.
-
Click + Add Rule.
-
For the name, replace Untitled with
Action: delete.
-
Set Effect to Deny.
-
Click + Comparison.
-
In the first field, click the A to toggle to an
R and from that field's drop-down list,
select Action.
-
In the second field, select Equals.
-
In the third field, select the delete
action.
-
Add advice to provide a custom message.
- Within the rule, click Show Advice and
Obligations.
- Click + next to Advice and
Obligations.
- Click .
- For the name, specify denied-reason.
- Set Applies To to
Deny.
- In the Payload field:
-
Click Save changes.
Your rule should be similar to the following one.
-
Add a rule to permit the retrieval of User resources.
-
Click + Add Rule.
-
For the name, replace Untitled with
Action: retrieve.
-
Click + Comparison.
-
In the first field, click the A to toggle to an
R and from that field's drop-down list,
select Action.
-
In the second field, select Equals.
-
In the third field, select the retrieve
action.
-
Click Save changes.
Your rule should be similar to the following one.
-
Send test requests to the SCIM service and verify data using the Policy Editor's Decision Visualiser.