Each resource assigned to an application domain can be protected by only one authorization policy.
In an automatically generated application domain, the following authorization policies are seeded as defaults:
- Protected Resource
- Public Resource
Administrators can create an authorization policy to protect access to one or more resources based on attributes of an authenticated user or the environment. The authorization policy provides the sole authorization protection for resources included in the policy.
Authorization policies are local, which means that each policy applies only to the resources specified for the policy. A policy cannot be derived or applied to any other resource.
A single policy can be defined to protect one or more resources in the application domain. However, each resource can be protected by only one authorization policy.
OSSO Agents use only the authentication policy and not the authorization
policies.
Authorization Policy Response
Authorization Response defines the action that must be fulfilled after successful
Authorization.
Authorization Constraints
Authorization Constraint is a rule that grants or denies access to a particular resource
based on the context of the request. Authorization Constraints are applicable specific to
an Authorization Policy. Constraints have TYPE and CLASS. Constraint Type has the
values Allow or Deny, which allow or deny access resource. Constraints Class consists
of Identity, Temporal, and IP4 Range.
