Skip to main content

Security rule conventions

In general, a rule can be read as a sentence:

"Allow the requester to [action] the [resource] provided that [conditions]."

This section describes the action, resource, conditions, and other properties that can be used to build a rule.

Tip noteYou can create rules for users that are not yet in the system or resources that do not yet exist in the system. This enables you to proactively create rules. However, the rules cannot evaluate until the users are authenticated in the system, or the resources, such as apps, actually exist.

Reading the security rule syntax notation

The security rules syntax notation is as follows:

  • words written outside brackets in regular text are mandatory (required).
  • words or characters written in bold outside or inside brackets are mandatory.
  • words written in italic inside brackets are optional.
  • words in blue in the syntax descriptions are links to further information on the syntax.

Security rule properties

Click the name of the field to see a description and then click the link to read the corresponding syntax (if available).

Conditions for security rules

Define resource and/or user conditions that should be met for the rule to apply. (OPTIONAL).

Conditions are defined using property-value pairs. You are not required to specify resource or user conditions. In fact, you can leave the Conditions field empty.

[resource.resourcetype = "resourcetypevalue"] [OPERATOR] [((( = propertyvalue) [OPERATOR ( = propertyvalue)))]