Skip to main content

Rules

Description

A rule is the most elementary unit of policy. It may exist in isolation only within one of the major actors of the XACML domain. In order to exchange rules between major actors, they must be encapsulated in a policy. A rule can be evaluated on the basis of its contents.

A rule is composed by a target, an effect and a condition. It is able to add more than one rule to the policy.

Screen overview

image-1627296261113.png

Custom attributes

  • Rule: rule name.
  • Description: brief description of the rule.
  • Effect

:

"Rule effect declaration. When a rule evaluates to ‘True’ it emits the value of the Effect attribute. This value is then combined with the Effect values of other rules according to the rule combining algorithm.

"Two values are allowed: "Permit"

    and
  • Permit.
  • "Deny".

  • Deny.
  • Target
  • Conditions
  • Set of requests to which the rule will be apply.

    Visit the Target page for more information

    Conditions

    The conditions are boolean expresions, to refine the applicability of the rule.

    Visit the Conditions page for more information. 


    https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf