Expressions

Description

The Expression signifies that an element that extends the ExpressionType and is a member of the Expression substitution group shall appear in its place. The Expression is not used directly in a policy. 

 Expressions are elements that allow to evaluate conditions within rules and policies to make access decisions.

Standard attributes

The attributes depend on the Expression type selected.

EXPRESSION TYPE OTHER FIELDS DATA TYPE
Attribute value Value: alfanumeric field Available data types.
Resource Attribute designator
  • URL
  • Soffid object
  • Account name
  • System name
  • Login name
  • Vault folder
  • Access level
 Available data types.
Subject

Attribute designator

  • User
  • User attributes
  • Account
  • System
  • Role
  • Group
  • Primary Group
  • IP Address
 Available data types.
Action

Attribute designator

  • method
 Available data types.
Environment

Attribute designator

  • Country

  • Current Time

  • Current Date

  • Current DateTime

 Available data types.
Attribute selector Attribute selector: alphanumeric field Available data types.
Variable Variable: alfanumeric field --
Function

Function type:

  • Comparison
  • Arithmetic
  • Conversions
  • Date conversions
  • Boolean Operators
  • String Functions
  • Set Functions
  • Bag Functions
  • HigherOrderBagFunctions
  • XPath
 Available data types.
Function name

Function type:

  • Comparison
  • Arithmetic
  • Conversions
  • Date conversions
  • Boolean Operators
  • String Functions
  • Set Functions
  • Bag Functions
  • HigherOrderBagFunctions
  • XPath

Function: the value depends on the function type selected.

 Available data types.

Data Type

Available data types



https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf


Revision #22
Created 28 July 2021 10:44:24 by pgarcia@soffid.com
Updated 14 March 2025 08:45:47 by pgarcia@soffid.com