Authorization decisions domain file
This page contains the domain information needed to run the examples that are referred in the Examples of requests and responses section of the APIs chapter.
Copy this content to a new file named domain.yaml
to use it in the authorization decision example.
note
This domain file must be used when running the requests described in the example. Otherwise the sample responses will not match the corresponding request.
identity: domain-id
policy:
mainPolicyId: sample-getting-started-policy
xacmlSpecifications:
- |
<PolicySet PolicySetId="sample-getting-started-policy" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" Version="1.0">
<Description>Policy set description</Description>
<PolicySetDefaults>
<XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</XPathVersion>
</PolicySetDefaults>
<Target />
<Policy PolicyId="http://www.axiomatics.com/automatic-unique-id/50f5b25e-dc7f-4672-a673-1a482e53f023" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
<Description>Policy description</Description>
<PolicyDefaults>
<XPathVersion>http://www.w3.org/TR/1999/REC-xpath-19991116</XPathVersion>
</PolicyDefaults>
<Target />
<Rule RuleId="c01d7519-be21-4985-88d8-10941f44590a" Effect="Permit">
<Description>Rule description</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">employee</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="idaction" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">companypolicy</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="document_id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-one-and-only">
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="isAllowed" DataType="http://www.w3.org/2001/XMLSchema#boolean" MustBePresent="false" />
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">true</AttributeValue>
</Apply>
</Condition>
</Rule>
<Rule RuleId="bb23f4db-9999-4d88-9e34-ae346d559e63" Effect="Deny">
<Description>Rule description</Description>
<Target>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">consultant</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="role" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">view</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="idaction" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
</Match>
</AllOf>
</AnyOf>
<AnyOf>
<AllOf>
<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">companypolicy</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="document_id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false" />
</Match>
</AllOf>
</AnyOf>
</Target>
<Condition>
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-equal">
<Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:boolean-one-and-only">
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" AttributeId="isAllowed" DataType="http://www.w3.org/2001/XMLSchema#boolean" MustBePresent="false" />
</Apply>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#boolean">false</AttributeValue>
</Apply>
</Condition>
</Rule>
</Policy>
</PolicySet>