accessDecisionReason element
Reference information about the accessDecisionReason element.
Description
Additional information about the access decision.
For example, when accessDecision='denied', this element provides the reason for the denial.
Values
String
The following strings are suggested values:
- authnLevelUnauthorized: The user is not authenticated at a sufficiently high level to access the resource.
- authzRuleUnauthorized: The authorization rule policy denied access.
- delegateUnauthorized: The delegate principal is unauthorized to perform delegation.
- qopUnauthorized: The communication channel that is used to access the resource has an insufficient level of quality of protection.
- reauthnUnauthorized: Access is denied until the user interactively reauthenticates.
- timeOfDayUnauthorized: Access is denied due to the time-of-day policy.
- unauthorized: The operation is not authorized. Use this value only if you cannot provide a more specific reason.
XPath
CommonBaseEvent/extendedDataElements[@name='accessDecisionReason']/values
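The following added example (not part of this reference or of any product code) applies the XPath above to a batch of audit events and tallies denials by reason, flagging denials that carry no reason and reasons outside the suggested list. It assumes events without an XML namespace inside a hypothetical `<events>` wrapper; the sample events, the `permitted` decision value, and the `customPolicyDenied` reason are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Suggested values listed on this page. The element is a free-form string,
# so other values are reported separately rather than rejected.
SUGGESTED = {
    "authnLevelUnauthorized", "authzRuleUnauthorized", "delegateUnauthorized",
    "qopUnauthorized", "reauthnUnauthorized", "timeOfDayUnauthorized",
    "unauthorized",
}
NO_REASON = "(no reason given)"

def ext_value(event, name):
    """Return the text of extendedDataElements[@name=name]/values, or None."""
    node = event.find(f"extendedDataElements[@name='{name}']/values")
    return node.text.strip() if node is not None and node.text else None

def summarize_denials(xml_text):
    """Count denial reasons over every CommonBaseEvent in xml_text."""
    counts, nonstandard = Counter(), set()
    for event in ET.fromstring(xml_text).iter("CommonBaseEvent"):
        if ext_value(event, "accessDecision") != "denied":
            continue  # the reason is only tallied for denials
        reason = ext_value(event, "accessDecisionReason") or NO_REASON
        counts[reason] += 1
        if reason != NO_REASON and reason not in SUGGESTED:
            nonstandard.add(reason)
    return counts, nonstandard

# Constructed sample data; the <events> wrapper is an assumption.
def _event(decision, reason=None):
    ede = ('<extendedDataElements name="{}" type="string">'
           '<values>{}</values></extendedDataElements>')
    body = ede.format("accessDecision", decision)
    if reason:
        body += ede.format("accessDecisionReason", reason)
    return f"<CommonBaseEvent>{body}</CommonBaseEvent>"

SAMPLE = "<events>" + "".join([
    _event("denied", "authnLevelUnauthorized"),
    _event("denied", "authnLevelUnauthorized"),
    _event("permitted"),
    _event("denied"),                        # denial with no reason element
    _event("denied", "customPolicyDenied"),  # not in the suggested list
    _event("denied", "timeOfDayUnauthorized"),
]) + "</events>"

if __name__ == "__main__":
    counts, odd = summarize_denials(SAMPLE)
    for reason, n in counts.most_common():
        print(f"{n:3d}  {reason}")
    print("non-suggested reasons:", sorted(odd))
```

Parse only audit files from a trusted collector with `xml.etree.ElementTree`; for untrusted XML, use a hardened parser.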