Skip to main content

Expressions

Description

The Expression signifies that an element that extends the ExpressionType and is a member of the Expression substitution group shall appear in its place. The Expression is not used directly in a policy. 

Standard attributes

The attributes depends on the Expression type selected.

EXPRESSION TYPE OTHER FIELDS DATA TYPE
Attribute value Value: alfanumeric field Available data types.
Resource Attribute designator
  • URL
  • Soffid object
  • Account name
  • System name
  • Login name
  • Vault folder
  • Access level
Available data types.
Subject

Attribute designator

  • User
  • User attributes
  • Account
  • System
  • Role
  • Group
  • Primary Gorup
  • IP Address
Available data types.
Action

Attribute designator

  • method
Available data types.
Environment

Attribute designator

  • Country
  • Current Time

  • Current Date

  • Current DateTime

Available data types.
Attribute selector Attribute selector: alfanumeric field Available data types.
Variable Variable: alfanumeric field --
Function

Function type:

  • Comparison
  • Atithmetic
  • Conversions
  • Boolean Operators
  • String Functions
  • Set Functions
  • Bag Functions
  • HigherOrderBagFunctions
  • XPath
Available data types.
Function name

Function type:

  • Comparison
  • Atithmetic
  • Conversions
  • Boolean Operators
  • String Functions
  • Set Functions
  • Bag Functions
  • HigherOrderBagFunctions
  • XPath

Function: the value depends on the function type selected.

Available data types.

Data Type

Available data types

  • String:
  • Boolean
  • Integer
  • Double
  • Date and time
  • Date
  • Time
  • HEX-encoded binary
  • URI
  • Year-month duration
  • Day-time duration
  • Base 64 binary
  • X. 500 name
  • RFC822 name

Examples

Password vault Policy Enforcement Point

Permit or deny between hours

image-1627559560450.png

Deny access to a specific user

image-1627654583995.png

image-1627654508485.png

----

 

 &&TODO&&

3. 

 

 

image-1627568614490.png

 

image-1627568636888.png

Revisar NULL

image-1627568798628.png

 

 

 


https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf