Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="auth_admin" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable" Version="1.0">
- <Description>sample policy</Description>
- <Target></Target>
- <Rule Effect="Permit" RuleId="primary-group-customer-rule">
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">http://127.0.0.1/service/very_secure/</AttributeValue>
- <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
- </Match>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
- <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- <Condition>
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-subset">
- <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
- </Apply>
- <AttributeDesignator AttributeId="group" Category="urn:oasis:names:tc:xacml:3.0:group" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"></AttributeDesignator>
- </Apply>
- </Condition>
- </Rule>
- <Rule Effect="Deny" RuleId="deny-rule"></Rule>
- </Policy>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
