# Expressions

## Description

> The Expression signifies that an element that extends the ExpressionType and is a member of the Expression substitution group shall appear in its place. The Expression is not used directly in a policy.

 Expressions are elements that allow to evaluate conditions within rules and policies to make access decisions.

## Related objects

- [**Variables**](https://bookstack.soffid.com/books/xacml/page/variables "Variables")
- [**Conditions**](https://bookstack.soffid.com/books/xacml/page/conditions "Conditions")

## Standard attributes

The attributes depend on the Expression type selected.

<table class="confluenceTable tablesorter tablesorter-default stickyTableHeaders" id="bkmrk-expression-type-othe" role="grid"><thead class="tableFloatingHeaderOriginal"><tr style="height: 29px;"><td class="align-center" style="width: 25%; height: 29px;">**EXPRESSION TYPE**</td><td class="align-center" style="width: 32.037%; height: 29px;">**OTHER FIELDS**</td><td class="align-center" style="width: 32.0371%; height: 29px;">**DATA TYPE**</td></tr></thead><tbody><tr style="height: 29px;"><td style="width: 25%; height: 29px;">Attribute value</td><td style="width: 32.037%; height: 29px;">**Value**: alfanumeric field</td><td style="width: 32.0371%; height: 29px;">[Available data types](#bkmrk-%C2%A0-0).</td></tr><tr style="height: 29px;"><td style="width: 25%; height: 29px;">Resource</td><td style="width: 32.037%; height: 29px;">**Attribute designator**  
- URL
- Soffid object
- Account name
- System name
- Login name
- Vault folder
- Access level

</td><td style="width: 32.0371%; height: 29px;">[Available data types](#bkmrk-%C2%A0-0).</td></tr><tr style="height: 29px;"><td style="width: 25%; height: 29px;">Subject</td><td style="width: 32.037%; height: 29px;">**Attribute designator**

- User
- User attributes
- Account
- System
- Role
- Group
- Primary Group
- IP Address

</td><td style="width: 32.0371%; height: 29px;">[Available data types](#bkmrk-%C2%A0-0).</td></tr><tr style="height: 29px;"><td style="width: 25%; height: 29px;">Action</td><td style="width: 32.037%; height: 29px;">**Attribute designator**:

- method

</td><td style="width: 32.0371%; height: 29px;">[Available data types](#bkmrk-%C2%A0-0).</td></tr><tr style="height: 29px;"><td style="width: 25%; height: 29px;">Environment</td><td style="width: 32.037%; height: 29px;">**Attribute designator**:

- Country
- Current Time
- Current Date
- Current DateTime

</td><td style="width: 32.0371%; height: 29px;">[Available data types](#bkmrk-%C2%A0-0).</td></tr><tr style="height: 29px;"><td style="width: 25%; height: 29px;">Attribute selector</td><td style="width: 32.037%; height: 29px;">**Attribute selector**: alphanumeric field</td><td style="width: 32.0371%; height: 29px;">[Available data types](#bkmrk-%C2%A0-0).</td></tr><tr style="height: 29px;"><td style="width: 25%; height: 29px;">Variable</td><td style="width: 32.037%; height: 29px;">**Variable**: alfanumeric field</td><td style="width: 32.0371%; height: 29px;">--</td></tr><tr style="height: 29px;"><td style="width: 25%; height: 29px;">Function</td><td style="width: 32.037%; height: 29px;">**Function type**:

- Comparison
- Arithmetic
- Conversions
- Date conversions
- Boolean Operators
- String Functions
- Set Functions
- Bag Functions
- HigherOrderBagFunctions
- XPath

</td><td style="width: 32.0371%; height: 29px;">[Available data types](#bkmrk-%C2%A0-0).</td></tr><tr style="height: 29px;"><td style="width: 25%; height: 29px;">Function name</td><td style="width: 32.037%; height: 29px;">**Function type**:

- Comparison
- Arithmetic
- Conversions
- Date conversions
- Boolean Operators
- String Functions
- Set Functions
- Bag Functions
- HigherOrderBagFunctions
- XPath

**Function**: the value depends on the function type selected.

</td><td style="width: 32.0371%; height: 29px;">[Available data types](#bkmrk-%C2%A0-0).</td></tr></tbody></table>

## Data Type

Available data types

- String:
- Boolean
- Integer
- Double
- Date and time
- Date
- Time
- HEX-encoded binary
- URI
- Year-month duration
- Day-time duration
- Base 64 binary
- X. 500 name
- RFC822 name

---

[*https://docs.oasis-open.org/xacml/2.0/access\_control-xacml-2.0-core-spec-os.pdf*](https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf)