{ "id":"/axapi/v3/aam/authorization/policy/{name}", "type":"object", "node-type":"list", "title":"policy", "partition-visibility":"shared", "description":"Authorization-policy configuration", "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify authorization policy name", "optional":false }, "attribute-rule":{ "type":"string", "format":"string-rlx", "partition-visibility":"shared", "description":"Define attribute rule for authorization policy", "optional":true }, "server":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/server/ldap/instance", "not-list":[ "service-group", "jwt-authorization" ], "description":"Specify a LDAP or RADIUS server for authorization (Specify a LDAP or RADIUS server name)", "optional":true }, "service-group":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/authentication/service-group", "not-list":[ "server", "jwt-authorization" ], "description":"Specify an authentication service group for authorization (Specify authentication service group name)", "optional":true }, "jwt-authorization":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "$ref":"/axapi/v3/aam/jwt-authorization", "not-list":[ "server", "service-group" ], "description":"Specify JWT authorization template (Specify JWT authorization template name)", "optional":true }, "extended-filter":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":511, "partition-visibility":"shared", "description":"Extended search filter. EX: Check whether user belongs to a nested group. (memberOf:1.2.840.113556.1.4.1941:=$GROUP-DN)", "optional":true }, "forward-policy-authorize-only":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"This policy only provides server info for forward policy feature", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "attribute-list":{ "type":"array", "minItems":1, "items":{ "type":"attribute" }, "uniqueItems":true, "$ref":"/axapi/v3/aam/authorization/policy/{name}/attribute/{attr-num}", "array":[ { "properties":{ "attr-num":{ "type":"number", "format":"number", "minimum":1, "maximum":32, "partition-visibility":"shared", "description":"Set attribute ID for authorization policy", "optional":false }, "attribute-name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"A10-AX-AUTH-URI", "description":"Specify attribute name", "optional":true }, "any":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"attr-type", "description":"Matched when attribute is present (with any value).", "optional":true }, "attr-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"any", "description":"Specify attribute type", "optional":true }, "string-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "integer-type", "ip-type", "number-type" ], "description":"Attribute type is string", "optional":true }, "integer-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "string-type", "ip-type", "number-type" ], "description":"Attribute type is integer", "optional":true }, "ip-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "string-type", "integer-type", "number-type" ], "description":"IP address is transformed into network byte order", "optional":true }, "number-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "string-type", "integer-type", "ip-type" ], "description":"Attribute type is decimal number", "optional":true }, "attr-str":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'match': Operation type is match; 'sub-string': Operation type is sub-string; ", "enum":[ "match", "sub-string" ], "optional":true }, "attr-str-val":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Set attribute value", "optional":true }, "attr-int":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'equal': Operation type is equal; 'not-equal': Operation type is not equal; 'less-than': Operation type is less-than; 'more-than': Operation type is more-than; 'less-than-equal-to': Operation type is less-than-equal-to; 'more-than-equal-to': Operation type is more-thatn-equal-to; ", "enum":[ "equal", "not-equal", "less-than", "more-than", "less-than-equal-to", "more-than-equal-to" ], "optional":true }, "attr-int-val":{ "type":"number", "format":"number", "minimum":0, "maximum":4294967295, "partition-visibility":"shared", "description":"Set attribute value", "optional":true }, "attr-ip":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'equal': Operation type is equal; 'not-equal': Operation type is not-equal; ", "enum":[ "equal", "not-equal" ], "optional":true }, "attr-ipv4":{ "type":"string", "format":"ipv4-address", "partition-visibility":"shared", "description":"IPv4 address", "optional":true }, "attr-number":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'equal': Operation type is equal; 'not-equal': Operation type is not equal; 'less-than': Operation type is less-than; 'more-than': Operation type is more-than; 'less-than-equal-to': Operation type is less-than-equal-to; 'more-than-equal-to': Operation type is more-thatn-equal-to; ", "enum":[ "equal", "not-equal", "less-than", "more-than", "less-than-equal-to", "more-than-equal-to" ], "optional":true }, "attr-number-val":{ "type":"string", "format":"string", "minLength":1, "maxLength":20, "partition-visibility":"shared", "description":"Set attribute value", "optional":true }, "A10-AX-AUTH-URI":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"attribute-name", "description":"Custom-defined attribute", "optional":true }, "custom-attr-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specify attribute type", "optional":true }, "custom-attr-str":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'match': Operation type is match; 'sub-string': Operation type is sub-string; ", "enum":[ "match", "sub-string" ], "optional":true }, "a10-dynamic-defined":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"The value of this attribute will depend on AX configuration instead of user configuration", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "attr-num" ] } ] }, "jwt-claim-map-list":{ "type":"array", "minItems":1, "items":{ "type":"jwt-claim-map" }, "uniqueItems":true, "$ref":"/axapi/v3/aam/authorization/policy/{name}/jwt-claim-map/{attr-num}", "array":[ { "properties":{ "attr-num":{ "type":"number", "format":"number", "minimum":1, "maximum":32, "partition-visibility":"shared", "description":"Spcify attribute ID for claim mapping", "optional":false }, "claim":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify JWT claim name to map to.", "optional":true }, "type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Specify claim type", "optional":true }, "string-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "number-type", "boolean-type" ], "description":"Claim type is string", "optional":true }, "number-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "string-type", "boolean-type" ], "description":"Claim type is number", "optional":true }, "boolean-type":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not-list":[ "string-type", "number-type" ], "description":"Claim type is boolean", "optional":true }, "str-val":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify JWT claim value.", "optional":true }, "num-val":{ "type":"number", "format":"number", "minimum":0, "maximum":4294967295, "partition-visibility":"shared", "description":"Specify JWT claim value.", "optional":true }, "bool-val":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'true': True; 'false': False; ", "enum":[ "true", "false" ], "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true } }, "required":[ "attr-num" ] } ] } }, "object-keys":[ "name" ], "required":[ "name" ] }