.. _aam_authorization_policy:

aam authorization policy
========================

Authorization-policy configuration

policy Specification
--------------------

===================================== ========================================================================
**Parameter**                         **Value**
===================================== ========================================================================
**Type**                              *Collection*
**Object Key(s)**                     *name*
**Collection Name**                   :ref:`118_policy_list`
**Collection URI**                    /axapi/v3/aam/authorization/policy
**Element Name**                      policy
**Element URI**                       /axapi/v3/aam/authorization/policy/{name}
**Element Attributes**                policy_attributes
**Partition Visibility**              shared
**Schema**                            :download:`policy schema `
===================================== ========================================================================

**Operations Allowed:**

============== ====== ========================================= ============================
Operation      Method URI                                       Payload
============== ====== ========================================= ============================
Create Object  POST   /axapi/v3/aam/authorization/policy        :ref:`118_policy_attributes`
Create List    POST   /axapi/v3/aam/authorization/policy        :ref:`118_policy_attributes`
Get Object     GET    /axapi/v3/aam/authorization/policy/{name} :ref:`118_policy_attributes`
Get List       GET    /axapi/v3/aam/authorization/policy        :ref:`118_policy_list`
Modify Object  POST   /axapi/v3/aam/authorization/policy/{name} :ref:`118_policy_attributes`
Replace Object PUT    /axapi/v3/aam/authorization/policy/{name} :ref:`118_policy_attributes`
Replace List   PUT    /axapi/v3/aam/authorization/policy        :ref:`118_policy_list`
Delete Object  DELETE /axapi/v3/aam/authorization/policy/{name} :ref:`118_policy_attributes`
============== ====== ========================================= ============================

.. _118_policy_list:

policy-list
-----------

policy-list is **JSON List** of :ref:`118_policy_attributes`

policy-list : [ { :ref:`118_policy_attributes` }, { :ref:`118_policy_attributes` }, ... ]

.. _118_policy_attributes:

policy attributes
-----------------

**attribute-list**
    | **Type:** List
    | **Reference Object:** :doc:`/axapi/v3/aam/authorization/policy/{name}/attribute/{attr-num} `

**attribute-rule**
    | **Description** Define attribute rule for authorization policy
    | **Type:** string
    | **Format:** string-rlx

**extended-filter**
    | **Description** Extended search filter. EX: Check whether user belongs to a nested group. (memberOf:1.2.840.113556.1.4.1941:=$GROUP-DN)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 511 characters
    | **Maximum Length:** 1 characters

**forward-policy-authorize-only**
    | **Description** This policy only provides server info for forward policy feature
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**jwt-authorization**
    | **Description** Specify JWT authorization template (Specify JWT authorization template name)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** jwt-authorization, server, and service-group are mutually exclusive
    | **Reference Object:** :doc:`/axapi/v3/aam/jwt-authorization `

**jwt-claim-map-list**
    | **Type:** List
    | **Reference Object:** :doc:`/axapi/v3/aam/authorization/policy/{name}/jwt-claim-map/{attr-num} `

**name**
    | **Description** Specify authorization policy name
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**server**
    | **Description** Specify an LDAP or RADIUS server for authorization (Specify an LDAP or RADIUS server name)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** server, service-group, and jwt-authorization are mutually exclusive
    | **Reference Object:** :doc:`/axapi/v3/aam/authentication/server/ldap/instance `

**service-group**
    | **Description** Specify an authentication service group for authorization (Specify authentication service group name)
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** service-group, server, and jwt-authorization are mutually exclusive
    | **Reference Object:** :doc:`/axapi/v3/aam/authentication/service-group `

**user-tag**
    | **Description** Customized tag
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 127 characters
    | **Maximum Length:** 1 characters

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _118_jwt-claim-map-list:

jwt-claim-map-list
^^^^^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**attr-num**
    | **Description** Specify attribute ID for claim mapping
    | **Type:** number
    | **Range:** 1-32

**bool-val**
    | **Description** 'true': True; 'false': False;
    | **Type:** string
    | **Supported Values:** true, false

**boolean-type**
    | **Description** Claim type is boolean
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** boolean-type, string-type, and number-type are mutually exclusive

**claim**
    | **Description** Specify JWT claim name to map to.
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**num-val**
    | **Description** Specify JWT claim value.
    | **Type:** number
    | **Range:** 0-4294967295

**number-type**
    | **Description** Claim type is number
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** number-type, string-type, and boolean-type are mutually exclusive

**str-val**
    | **Description** Specify JWT claim value.
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**string-type**
    | **Description** Claim type is string
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** string-type, number-type, and boolean-type are mutually exclusive

**type**
    | **Description** Specify claim type
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters

.. _118_attribute-list:

attribute-list
^^^^^^^^^^^^^^

=============================== ===================================================
**Specification**               **Value**
=============================== ===================================================
**Type**                        *list*
**Block object keys**
=============================== ===================================================

**A10-AX-AUTH-URI**
    | **Description** Custom-defined attribute
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** A10-AX-AUTH-URI and attribute-name are mutually exclusive

**a10-dynamic-defined**
    | **Description** The value of this attribute will depend on AX configuration instead of user configuration
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**any**
    | **Description** Matched when attribute is present (with any value).
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** any and attr-type are mutually exclusive

**attr-int**
    | **Description** 'equal': Operation type is equal; 'not-equal': Operation type is not equal; 'less-than': Operation type is less-than; 'more-than': Operation type is more-than; 'less-than-equal-to': Operation type is less-than-equal-to; 'more-than-equal-to': Operation type is more-than-equal-to;
    | **Type:** string
    | **Supported Values:** equal, not-equal, less-than, more-than, less-than-equal-to, more-than-equal-to

**attr-int-val**
    | **Description** Set attribute value
    | **Type:** number
    | **Range:** 0-4294967295

**attr-ip**
    | **Description** 'equal': Operation type is equal; 'not-equal': Operation type is not-equal;
    | **Type:** string
    | **Supported Values:** equal, not-equal

**attr-ipv4**
    | **Description** IPv4 address
    | **Type:** string
    | **Format:** ipv4-address

**attr-num**
    | **Description** Set attribute ID for authorization policy
    | **Type:** number
    | **Range:** 1-32

**attr-number**
    | **Description** 'equal': Operation type is equal; 'not-equal': Operation type is not equal; 'less-than': Operation type is less-than; 'more-than': Operation type is more-than; 'less-than-equal-to': Operation type is less-than-equal-to; 'more-than-equal-to': Operation type is more-than-equal-to;
    | **Type:** string
    | **Supported Values:** equal, not-equal, less-than, more-than, less-than-equal-to, more-than-equal-to

**attr-number-val**
    | **Description** Set attribute value
    | **Type:** string
    | **Maximum Length:** 20 characters
    | **Maximum Length:** 1 characters

**attr-str**
    | **Description** 'match': Operation type is match; 'sub-string': Operation type is sub-string;
    | **Type:** string
    | **Supported Values:** match, sub-string

**attr-str-val**
    | **Description** Set attribute value
    | **Type:** string
    | **Format:** string-rlx
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters

**attr-type**
    | **Description** Specify attribute type
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** attr-type and any are mutually exclusive

**attribute-name**
    | **Description** Specify attribute name
    | **Type:** string
    | **Maximum Length:** 63 characters
    | **Maximum Length:** 1 characters
    | **Mutual Exclusion:** attribute-name and A10-AX-AUTH-URI are mutually exclusive

**custom-attr-str**
    | **Description** 'match': Operation type is match; 'sub-string': Operation type is sub-string;
    | **Type:** string
    | **Supported Values:** match, sub-string

**custom-attr-type**
    | **Description** Specify attribute type
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0

**integer-type**
    | **Description** Attribute type is integer
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** integer-type, string-type, ip-type, and number-type are mutually exclusive

**ip-type**
    | **Description** IP address is transformed into network byte order
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** ip-type, string-type, integer-type, and number-type are mutually exclusive

**number-type**
    | **Description** Attribute type is decimal number
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** number-type, string-type, integer-type, and ip-type are mutually exclusive

**string-type**
    | **Description** Attribute type is string
    | **Type:** boolean
    | **Supported Values:** true, false, 1, 0
    | **Default:** 0
    | **Mutual Exclusion:** string-type, integer-type, ip-type, and number-type are mutually exclusive

**uuid**
    | **Description** uuid of the object
    | **Type:** string
    | **Maximum Length:** 64 characters
    | **Maximum Length:** 1 characters
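
As an added example (not A10's code), the following pre-flight lint checks a policy body against the length limits, ranges and mutual-exclusion rules listed under policy attributes and jwt-claim-map-list before it is sent to ``/axapi/v3/aam/authorization/policy``. The function names and sample bodies are made up for illustration, and treating 1 as the minimum string length is an assumption.

```python
U32_MAX = 4294967295
BACKENDS = ("server", "service-group", "jwt-authorization")
CLAIM_TYPES = ("boolean-type", "string-type", "number-type")
# Upper bounds come from this page; the lower bound of 1 used below is an assumption.
MAX_LEN = {"name": 63, "server": 63, "jwt-authorization": 63,
           "service-group": 127, "user-tag": 127, "extended-filter": 511}

def _on(value):
    # The page lists true, false, 1, 0 as supported boolean values.
    return value in (True, 1, "true", "1")

def _in_range(value, low, high):
    return isinstance(value, int) and not isinstance(value, bool) and low <= value <= high

def lint_claim_map(entry):
    errs, tag = [], f"jwt-claim-map {entry.get('attr-num')!r}"
    if not _in_range(entry.get("attr-num"), 1, 32):
        errs.append(f"{tag}: attr-num outside 1-32")
    chosen = [t for t in CLAIM_TYPES if _on(entry.get(t))]
    if len(chosen) > 1:
        errs.append(f"{tag}: {', '.join(chosen)} are mutually exclusive")
    if "num-val" in entry and not _in_range(entry["num-val"], 0, U32_MAX):
        errs.append(f"{tag}: num-val outside 0-{U32_MAX}")
    if "bool-val" in entry and entry["bool-val"] not in ("true", "false"):
        errs.append(f"{tag}: bool-val must be 'true' or 'false'")
    for key in ("claim", "str-val"):
        if key in entry and not 1 <= len(entry[key]) <= 63:
            errs.append(f"{tag}: {key} length outside 1-63")
    return errs

def lint_policy(policy):
    # "name" is the object key of the collection, so it must be present.
    errs = [] if "name" in policy else ["name: missing object key"]
    for key, limit in MAX_LEN.items():
        if key in policy and not 1 <= len(policy[key]) <= limit:
            errs.append(f"{key}: length outside 1-{limit}")
    backends = [b for b in BACKENDS if b in policy]
    if len(backends) > 1:
        errs.append(f"{', '.join(backends)} are mutually exclusive")
    for entry in policy.get("jwt-claim-map-list", []):
        errs.extend(lint_claim_map(entry))
    return errs

# Constructed sample bodies; every name here is a placeholder.
BAD = {"name": "p" * 64, "server": "ldap-1", "jwt-authorization": "jwt-tmpl",
       "jwt-claim-map-list": [{"attr-num": 40, "claim": "role", "string-type": 1,
                               "number-type": 1, "str-val": "admin", "num-val": -1}]}
GOOD = {"name": "api-authz", "jwt-authorization": "jwt-tmpl", "jwt-claim-map-list": [
    {"attr-num": 1, "claim": "role", "string-type": 1, "str-val": "admin"}]}
```

``lint_policy(BAD)`` returns one message per violated rule, and ``lint_policy(GOOD)`` returns an empty list.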