Skip to main content

Expressions

Description

The Expression signifies that an element that extends the ExpressionType and is a member of the Expression substitution group shall appear in its place. The Expression is not used directly in a policy. 

Custom attributes

Expresion

The Types

attributes depends on the Expression type selected.

  • Data
    • EXPRESSION TYPEOTHER FIELDSDATA TYPE
    Attribute valueValue: alfanumeric fieldAvailable data types.
    ResourceAttribute designator
    • Attribute value
    • Resource
    • Subject
    • Action
    • Environment
    • Attribute selector
    • Variable
    • Function
    • Function name

     

     

     

     

     

    Attribute value

    • Value
    • Data type

    Resource

    • Attribute designator
      • UrlURL
      • Soffid object
      • Account name
      • System name
      • Login name
      • Vault folder
      • Access level
    		Available data types.
    Subject

    Attribute designator

    • User
    • DataUser typeattributes
    • Account
    • System
    • Role
    • Group
    • Primary Gorup
    • IP Address

    Subject

    		Available data types.
    Action

    Attribute designator

    • Attribute designator
    • Data typemethod

    Action

    		Available data types.
    Environment

    Attribute designator

    • Country

    • Current Time

    • Current Date

    • Current DateTime

    		Available data types.
    Attribute designatorselectorAttribute selector: alfanumeric fieldAvailable data types.
    VariableVariable: alfanumeric field--
    Function

    Function type:

    • MethodComparison
    • Atithmetic
    • Conversions
    • Boolean Operators
    • String Functions
    • Set Functions
    • Bag Functions
    • HigherOrderBagFunctions
    • XPath
    		 Available data types.
    Function name

    Function type

    Environment

    :

    • Attribute designatorComparison
    • Data type

    Attribute selector

    • Attribute selectorAtithmetic
    • Data type

    Variable

    • Variable

    Function

    • Function typeConversions
    • FunctionBoolean Operators
    • DataString type

    Function name

    • Function typeFunctions
    • FunctionSet Functions
    • DataBag typeFunctions
    • HigherOrderBagFunctions
    • XPath

    Function: the value depends on the function type selected.

    		Available data types.

     

    Data Type

    Available data types

    • String:
    • Boolean
    • Integer
    • Double
    • Date and time
    • Date
    • Time
    • HEX-encoded binary
    • URI
    • Year-month duration
    • Day-time duration
    • Base 64 binary
    • X. 500 name
    • RFC822 name

    https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf

     

    Back to top