policy-trigger

Edit online

This stanza entry defines the authorization API service for external authorization service definitions that force authorization decisions to made based on application-specific criteria.

Syntax

policy-trigger = {short_name|path_to_dll} [-weight number]
     [ & params ...]

Description

Defines the authorization API service for external authorization service definitions that force authorization decisions to made based on application-specific criteria. Each stanza entry defines different types of aznAPI service, and each entry is the same format.

Options

policy-trigger

The policy trigger is the way that an external authorization service is started. It is either a service ID or an access control list (ACL) action string. For example, it can be my_service_1 or Trx. If the service is defined an ID, the service ID is used as an extended attribute on a POP that triggers the external authorization service when an object has this POP attached to it. If the service is defined with an ACL action string, the service is started when this ACL action mask is requested as part of an authorization decision.

The policy trigger can be any string that is recognized as a valid key name. The policy-trigger is case-sensitive, because the actions themselves are case-sensitive. However, the policy trigger is not case-sensitive if the trigger is a POP attribute.

short_name|path_to_dll

The path to the dynamic link library (DLL) that contains the executable code for the service.

If the DLL is in a directory that is normally searched by the system (for example, /usr/lib on AIX, Linux, and Solaris operating systems or the value of the PATH environment variable on Windows operating systems), do not specify the full path to the DLL. Specify only the DLL name. If you want a platform-independent DLL name, so it can be loaded on any supported platform, provide a short name. The short name is appended with known library prefixes and suffixes for each platform, and each possibility is searched in turn. For example, with a short name of azn_ent_user, the following names that are automatically searched for on each platform:

AIX®: libazn_ent_user.so
libazn_ent_user.a
Linux™: libazn_ent_user.so
Solaris: libazn_ent_user.so
Windows™: azn_ent_user.dll

[-weight number]

Optional: Specifies the weight assigned in the access decision process of the external authorization service. This option is an unsigned size_t value. This value signifies the weight. In the entire decision process, the weight is specified in any decision that is returned by the external authorization service. The default value is 101.

params

Optional: Additional initialization information to pass to the external authorization service in the form of arguments. The arguments must be preceded by the ampersand (&); for example, & -server fred. The service definition is described in more detail in the Authorization C API Developer Reference.

Usage

Optional

Default value

There is no default value.