Administering authorization rules
Authorization rules are conditions or standards, contained in an authorization policy, that are used to make access decisions based on attributes such as user, application, and environment context. A rule specifies the conditions that must be met before access to a protected object is permitted. It is built from Boolean conditions over data that is supplied to the authorization engine in the user credential, by the resource manager application, or by the encompassing business environment.
A Verify Identity Access authorization rule is a policy type like an access control list (ACL) or a protected object policy (POP). The rule is stored as a text rule within a rule policy object and is attached to a protected object in the same way and with the same constraints as ACLs and POPs.
The Verify Identity Access administration API provides functions to create, delete, modify, list, and get authorization rules.
The Verify Identity Access administration Java™ classes provide methods to create, delete, modify, list, and get authorization rules.
For more information about authorization rules, see the IBM Verify Identity Access for Web: Administration Guide.
Use the functions and methods shown in Table 1 to administer authorization rule objects.
| Function | Method | Description |
|---|---|---|
| ivadmin_authzrule_create() | PDAuthzRule.createAuthzRule | Creates the specified authorization rule object. |
| ivadmin_authzrule_delete() | PDAuthzRule.deleteAuthzRule | Deletes the specified authorization rule object. |
| ivadmin_authzrule_get() | PDAuthzRule constructor | Returns the specified authorization rule object. The Java constructor instantiates the specified authorization rule object. |
| ivadmin_authzrule_getid() | PDAuthzRule object.getId | Returns the ID for the specified authorization rule. |
| ivadmin_authzrule_getdescription() | PDAuthzRule object.getDescription | Returns the description for the specified authorization rule. |
| ivadmin_authzrule_getfailreason() | PDAuthzRule object.getFailReason | Returns the fail reason, if any, for the specified authorization rule. |
| ivadmin_authzrule_getruletext() | PDAuthzRule object.getRuleText | Returns the rule text for the specified authorization rule. |
| ivadmin_authzrule_list() | PDAuthzRule.listAuthzRules | Lists all the registered authorization rules. |
| ivadmin_authzrule_setdescription() | PDAuthzRule.setDescription | Sets the description for the specified authorization rule. |
| ivadmin_authzrule_setruletext() | PDAuthzRule.setRuleText | Sets the authorization rule text. |
| ivadmin_authzrule_setfailreason() | PDAuthzRule.setFailReason | Sets the authorization rule fail reason. |
For detailed reference information about these methods, see the Javadoc HTML documentation.