[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Expression Policies that require user attributes in a geneneral way
I am looking to create a policy that generates an access decision based on user attributes, but in a general way. For instance, take the simplest case where I want to allow read access to the user: sam on the page: www.example.com/sam. I would also like to do the same for mary (www.example.com/mary) and john (www.example.com/john). I could, of course, write three policies for all three, but that does not scale. here is my start: <Policy PolicyId="ExamplePolicy1" RuleCombiningAlgId=...> <Target> <Subjects> <AnySubject/> </Subjects> <Resources> <Resource> <ResourceMatch MatchId=...regexp-string-match”> <ResourceAttributeDesignator AttributeId=...:resource-id” DataType=...string”/> <AttributeValue DataType=...string”>www.example.com/* </AttributeValue> </ResourceMatch> </Resource> </Resources> <Actions> <AnyACtion/> </Actions> </Target> <Rule RuleId="ReadRule" Effect="Permit"> .. I am having trouble constructing a Condition Function in a Rule base on a variable attribute of a Subject. Thanks, Rupert -- Rupert Webb Software Engineer LimeBrokerage rwebb@limebrokerage.com Work: 781-472-3756 Cell: 617-257-4447 ---------------------------------------------------------- This mail sent through IMP: https://webmail.limegroup.com/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]