
Annex I

Description

The target contains the subjects, resources, actions, and environments to which the policy set will be applied. A target can contain more than one subject, environment, resource or action, or none of them.

Subjects

An actor whose attributes may be referenced by a predicate.

Allows you to add one or more subjects as a target where the policy will be applied.

To configure a subject, first select attributes. You can select a value from the attribute designator list, or write the attribute selector value and select the data type.

Then select the operator, which will be used to compare or compute attributes.

Finally, set the value with which the attribute will be computed or compared. The value data type depends on the attribute data type.

Resources

Data, service or system component.

Allows you to add one or more resources as a target where the policy will be applied.

To configure a resource, first select an attribute. You can select a value from the attribute designator list, or write the attribute selector value and select the data type.

Then select the operator, which will be used to compare or compute attributes.

Finally, set the value with which the attribute will be computed or compared. The value data type depends on the attribute data type.

Actions

An operation on a resource.

Allows you to add one or more actions as a target where the policy will be applied.

To configure an action, first select an attribute. You can select a value from the attribute designator list, or write the attribute selector value and select the data type.

Then select the operator, which will be used to compare or compute attributes.

Finally, set the value with which the attribute will be computed or compared. The value data type depends on the attribute data type.

Environments

The set of attributes that are relevant to an authorization decision and are independent of a particular subject, resource or action.

Allows you to add one or more environments as a target where the policy will be applied.

To configure an environment, first select an attribute. You can select a value from the attribute designator list, or write the attribute selector value and select the data type.

Then select the operator, which will be used to compare or compute attributes.

Finally, set the value with which the attribute will be computed or compared. The value data type depends on the attribute data type.
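
For reference, this is how the attribute, operator and value chosen for each of the four sections above map onto a XACML 2.0 `<Target>` element. It is an added example, not output from this tool; the mail domain, resource URI and time are constructed values, while the function and attribute identifiers are the standard ones from the XACML 2.0 core specification.

```xml
<!-- Added example: constructed values, standard XACML 2.0 identifiers -->
<Target xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
  <Subjects>
    <Subject>
      <!-- operator = MatchId, value = AttributeValue, attribute = designator -->
      <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:rfc822Name-match">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">med.example.com</AttributeValue>
        <SubjectAttributeDesignator
            AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id"
            DataType="urn:oasis:names:tc:xacml:1.0:data-type:rfc822Name"/>
      </SubjectMatch>
    </Subject>
  </Subjects>
  <Resources>
    <Resource>
      <ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">https://records.example.com/patient</AttributeValue>
        <ResourceAttributeDesignator
            AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id"
            DataType="http://www.w3.org/2001/XMLSchema#anyURI"/>
      </ResourceMatch>
    </Resource>
  </Resources>
  <Actions>
    <Action>
      <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
        <ActionAttributeDesignator
            AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
            DataType="http://www.w3.org/2001/XMLSchema#string"/>
      </ActionMatch>
    </Action>
  </Actions>
  <Environments>
    <Environment>
      <!-- The literal is the FIRST argument: 08:00:00 <= current-time -->
      <EnvironmentMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:time-less-than-or-equal">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">08:00:00</AttributeValue>
        <EnvironmentAttributeDesignator
            AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
            DataType="http://www.w3.org/2001/XMLSchema#time"/>
      </EnvironmentMatch>
    </Environment>
  </Environments>
</Target>
```

Several match elements inside one `<Subject>` (or `<Resource>`, `<Action>`, `<Environment>`) must all hold, while several `<Subject>` elements inside `<Subjects>` are alternatives. A section left out of the target matches any value, so an empty target applies the policy set to every request.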


https://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf