Skip to main content

Expressions

Description

The Expression signifies that an element that extends the ExpressionType and is a member of the Expression substitution group shall appear in its place. The Expression is not used directly in a policy. 

Standard attributes

The attributes depend on the Expression type selected.

EXPRESSION TYPE OTHER FIELDS DATA TYPE
Attribute value Value: alfanumeric field Available data types.
Resource Attribute designator
  • URL
  • Soffid object
  • Account name
  • System name
  • Login name
  • Vault folder
  • Access level
 Available data types.
Subject

Attribute designator

  • User
  • User attributes
  • Account
  • System
  • Role
  • Group
  • Primary Group
  • IP Address
 Available data types.
Action

Attribute designator

  • method
 Available data types.
Environment

Attribute designator

  • Country

  • Current Time

  • Current Date

  • Current DateTime

 Available data types.
Attribute selector Attribute selector: alphanumeric field Available data types.
Variable Variable: alfanumeric field --
Function

Function type:

  • Comparison
  • Arithmetic
  • Conversions
  • Date conversions
  • Boolean Operators
  • String Functions
  • Set Functions
  • Bag Functions
  • HigherOrderBagFunctions
  • XPath
 Available data types.
Function name

Function type:

  • Comparison
  • Arithmetic
  • Conversions
  • Date conversions
  • Boolean Operators
  • String Functions
  • Set Functions
  • Bag Functions
  • HigherOrderBagFunctions
  • XPath

Function: the value depends on the function type selected.

 Available data types.

Data Type

Available data types

  • String:
  • Boolean
  • Integer
  • Double
  • Date and time
  • Date
  • Time
  • HEX-encoded binary
  • URI
  • Year-month duration
  • Day-time duration
  • Base 64 binary
  • X. 500 name
  • RFC822 name



https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf


Back to top