Policy set
Description
"A PolicySet is a container that can hold other Policies or PolicySets, as well as references to policies found in remote locations".
In order to create a PolicySet, identifier, policy combining algorithm and version are needed. You can also write a description. Identifier must be an URI, it is recommended to use numbers for version and the policy combining algorithm determine how the different Policies in the PolicySet will be applied.
Every PolicySet contains one Target. Target contains the subjects, resources, actions and environments where the policy set will be applied. A target can contains more than one subject, environment, resource or action or none of them.
For example, a subject can be a user from soffid, a group, a host IP, ...
It is also possible to create other PolicySet, Policies, or References for an existing PolicySet. In order to do that, it is needed to select the PolicySet on the tree anc click on 'Add new'.
Policy Set can be exported to an XML file by clicking on Export button. The file will contain the Policy Set Target and all the elements included in it, like other PolicySets, Policies or References.
It is possible to create a new version for a PolicySet by clicking on 'Add new version'. That will copy all PolicySet elements on the tree with the following version number.
Related objects
Custom attributes
Policy set
- Identifier: identify the policy set.
- Version: version of the policy set.
- Description: brief description of the policy set.
- Policy Combining Algorithm:
- Deny overrides.
- Permit overrides.
- First applicable.
- Only one applicable.
- Ordered deny overrides.
- Ordered permit overrides.
Target
Target contains the subjects, resources, actions, and environments where the policy set will be applied. A target can contains more than one subject, environment, resource or action or none of them.
Subjects
Resources
Actions
Environments
Obligations
Actions
https://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html