Skip to main content

Rules

Description

A rule is the most elementary unit of policy. It may exist in isolation only within one of the major actors of the XACML domain. In order to exchange rules between major actors, they must be encapsulated in a policy. A rule can be evaluated on the basis of its contents.

A rule is composed by a target, an effect and a condition. It is able to add more than one rule to the policy.

Screen overview

image-1627296261113.png

Custom attributes

Effect

Rule effect declaration. When a rule evaluates to ‘True’ it emits the value of the Effect attribute. This value is then combined with the Effect values of other rules according to the rule combining algorithm.

Two values are allowed: "Permit" and "Deny".

Target

Set of requests to which the rule will be apply.

Visit the Target page for more information

Conditions

The conditions are boolean expresions, to refine the applicability of the rule.

Visit the Conditions page for more information.

https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf

 

 

Back to top