[<a href="http://www.setgetweb.com/p/isva/wrp_stza_ref/reference/ref_aznapi_ext_authzn_serv_stza.html">aznapi-external-authzn-services</a>] stanza

[aznapi-external-authzn-services] stanza

An external authorization service plug-in is an optional extension of the ISAM authorization service that used to impose additional authorization controls and conditions.
We can use an external authorization service plug-in to force authorization decisions to be made based on application-specific criteria that are not known to the ISAM authorization service. Each external authorization service plug-in is a stand-alone module that is dynamically loaded into the authorization service. The parameters for configuring Security Verify Access external authorization service plug-ins are declared in the [aznapi-external-authzn-services] stanza of this configuration file provided by ISAM:

The ivmgrd.conf configuration file for the policy server
The [instance-]ivacld.conf configuration file for the authorization server
The configuration file for configured external authorization service plug-ins for your resource managers
The aznAPI.conf configuration file is provided with ISAM as a sample file for creating our own resource manager configuration file. Developers of service plug-ins typically provide the standard functions. Before implementing service plug-ins, read and thoroughly understand the concepts in the Authorization C API Developer Reference.

policy-trigger
This stanza entry defines the authorization API service for external authorization service definitions that force authorization decisions to made based on application-specific criteria.

Parent topic: Configuration file stanza reference