
Role Policies

The Role PolicySet or RPS is a <PolicySet> that associates holders of a given role attribute and value with a Permission <PolicySet> that contains the actual permissions associated with the given role. The <Target> element of a Role <PolicySet> limits the applicability of the <PolicySet> to subjects holding the associated role attribute and value. Each Role <PolicySet> references a single corresponding Permission <PolicySet> but does not contain or reference any other <Policy> or <PolicySet> elements.

A Role Policy associates a Subject with a Permission Assignment Policy. For example:

<PolicySet PolicySetId="org.talend.xacml.permissions.role.boss" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides" xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" >
    <Target>
        <Subjects>
            <Subject>
                <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">boss</AttributeValue>
                    <SubjectAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#anyURI" AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
                </SubjectMatch>
            </Subject>
        </Subjects>
    </Target>
    <PolicySetIdReference>org.talend.xacml.permissions.assignment.boss</PolicySetIdReference>
</PolicySet>

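So in this case, a Subject whose role attribute (urn:oasis:names:tc:xacml:2.0:subject:role) has the value "boss" is associated with the Permission PolicySet whose Id is org.talend.xacml.permissions.assignment.boss.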
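The structural rules described above can be checked before a policy is deployed. The following Python sketch is an added example, not code from the product documentation; the function name `lint_role_policyset` and the wording of the problem messages are assumptions made for illustration. It confirms that a Role PolicySet restricts its Target by the role attribute, references exactly one Permission PolicySet, and carries no other policy elements.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:2.0:policy:schema:os}"
ROLE_ATTR = "urn:oasis:names:tc:xacml:2.0:subject:role"

# Constructed sample: the Role PolicySet shown above, reproduced for the check.
SAMPLE_RPS = """<PolicySet PolicySetId="org.talend.xacml.permissions.role.boss"
    PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:permit-overrides"
    xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os">
  <Target><Subjects><Subject>
    <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:anyURI-equal">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">boss</AttributeValue>
      <SubjectAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#anyURI"
          AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role"/>
    </SubjectMatch>
  </Subject></Subjects></Target>
  <PolicySetIdReference>org.talend.xacml.permissions.assignment.boss</PolicySetIdReference>
</PolicySet>"""


def lint_role_policyset(xml_text):
    """Return (roles, permission_ref, problems) for one Role PolicySet document."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != NS + "PolicySet":
        return [], None, ["root element is not a XACML 2.0 <PolicySet>"]
    # Role values come from SubjectMatch elements that test the role attribute.
    roles = []
    for match in root.findall(f"{NS}Target/{NS}Subjects/{NS}Subject/{NS}SubjectMatch"):
        des = match.find(NS + "SubjectAttributeDesignator")
        val = match.find(NS + "AttributeValue")
        if des is not None and des.get("AttributeId") == ROLE_ATTR and val is not None:
            roles.append((val.text or "").strip())
    if not roles:
        problems.append("Target does not restrict subjects by role: applies to everyone")
    # Exactly one reference to a Permission PolicySet, and nothing else.
    refs = [r.text.strip() for r in root.findall(NS + "PolicySetIdReference") if r.text]
    if len(refs) != 1:
        problems.append(f"expected 1 PolicySetIdReference, found {len(refs)}")
    for child in root:
        name = child.tag.replace(NS, "")
        if name in ("Policy", "PolicySet", "PolicyIdReference"):
            problems.append(f"<{name}> must not appear inside a Role PolicySet")
    return roles, (refs[0] if len(refs) == 1 else None), problems


if __name__ == "__main__":
    print(lint_role_policyset(SAMPLE_RPS))
```

An empty problem list means the document follows the Role PolicySet shape; the returned role and reference pair can be reviewed as the role-to-permission mapping.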
