
Expressions

Description

The Expression signifies that an element that extends the ExpressionType and is a member of the Expression substitution group shall appear in its place. The Expression is not used directly in a policy. 

Expressions are elements that evaluate conditions within rules and policies in order to make access decisions.

Standard attributes

The attributes depend on the Expression type selected.

| Expression type | Other fields | Data type |
|---|---|---|
| Attribute value | Value: alphanumeric field | Available data types |
| Resource | Attribute designator: URL, Soffid object, Account name, System name, Login name, Vault folder, Access level | Available data types |
| Subject | Attribute designator: User, User attributes, Account, System, Role, Group, Primary Group, IP Address | Available data types |
| Action | Attribute designator: method | Available data types |
| Environment | Attribute designator: Country, Current Time, Current Date, Current DateTime | Available data types |
| Attribute selector | Attribute selector: alphanumeric field | Available data types |
| Variable | Variable: alphanumeric field | -- |
| Function | Function type: Comparison, Arithmetic, Conversions, Date conversions, Boolean Operators, String Functions, Set Functions, Bag Functions, HigherOrderBagFunctions, XPath | Available data types |
| Function name | Function type: Comparison, Arithmetic, Conversions, Date conversions, Boolean Operators, String Functions, Set Functions, Bag Functions, HigherOrderBagFunctions, XPath. Function: the value depends on the function type selected. | Available data types |

Data Type

Available data types

  • String
  • Boolean
  • Integer
  • Double
  • Date and time
  • Date
  • Time
  • HEX-encoded binary
  • URI
  • Year-month duration
  • Day-time duration
  • Base64 binary
  • X.500 name
  • RFC822 name
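
As an added illustration (not taken from the Soffid documentation), this is how several of the expression types above combine in standard XACML 2.0 policy XML, using function, attribute and data type identifiers from the OASIS specification referenced below. The subject value `alice` and the time `08:00:00` are constructed sample values, and how the Soffid console serializes its own designators (for example Role or Vault folder) is not shown here.

```xml
<!-- Added example: a XACML 2.0 Condition built from Function, Subject,
     Environment and Attribute value expressions. Sample values are constructed. -->
<Condition xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">

  <!-- Function (Boolean operator): both nested expressions must evaluate to true -->
  <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">

    <!-- Function (Comparison): subject-id equals the literal "alice" -->
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <!-- Function (Bag): a designator returns a bag of values, so it is
           reduced to exactly one value before the comparison -->
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
        <!-- Subject attribute designator, data type String -->
        <SubjectAttributeDesignator
            AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
            DataType="http://www.w3.org/2001/XMLSchema#string"
            MustBePresent="true"/>
      </Apply>
      <!-- Attribute value expression, data type String -->
      <AttributeValue
          DataType="http://www.w3.org/2001/XMLSchema#string">alice</AttributeValue>
    </Apply>

    <!-- Function (Comparison): current time is 08:00:00 or later -->
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-greater-than-or-equal">
      <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
        <!-- Environment attribute designator (Current Time), data type Time -->
        <EnvironmentAttributeDesignator
            AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
            DataType="http://www.w3.org/2001/XMLSchema#time"/>
      </Apply>
      <!-- Attribute value expression, data type Time -->
      <AttributeValue
          DataType="http://www.w3.org/2001/XMLSchema#time">08:00:00</AttributeValue>
    </Apply>

  </Apply>
</Condition>
```

If the subject attribute is missing or has more than one value, the `one-and-only` function evaluates to Indeterminate rather than false, so the combining algorithm of the enclosing policy determines whether that case ends in a deny.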




https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf