Configuration file and initialization attributes

Configuration file and initialization attributes

A number of configuration file entries and initialization attributes are available to control aspects of the initialization of the rules evaluator within the authorization engine. The configuration entries are in the configuration file of the resource manager.
An example of this aznAPI.conf configuration file is provided in the example/authzn_demo/cpp directory of the ISAM Application Developer Kit (ADK) package. Configuration files are also used by ISAM resource management applications. These configuration entries can be added to the configuration file of these applications. See the application configuration file documentation for the specific Security Verify Access application.
Initialization attributes are the programmatic equivalent of configuration attributes and are intended to be used to develop a custom resource manager application. The authorization-rule-specific initialization attributes and the process of developing a custom resource manager aznAPI application are described in the Authorization C API Developer Reference.

resource-manager-provided-adi
The resource-manager-provided-adi configuration stanza entry defines the prefixes the authorization engine uses to determine the set of missing ADI from the resource manager.
dynamic-adi-entitlement-services
The dynamic-adi-entitlement-services configuration entry lists the service IDs of the dynamic ADI retrieval entitlement services. These services must be called by the authorization engine if ADI is missing from the requesting user credential or from the application context and cannot be gathered from the resource manager.
input-adi-xml-prolog and xsl-stylesheet-prolog
We can use the input-adi-xml-prolog and xsl-stylesheet-prolog configuration entries to change the XML and XSL prolog statements. These statements are appended to the ADI XML document and authorization rule style sheet before they are passed to the rules evaluator for processing.
[xmladi-attribute-definitions]
The [xmladi-attribute-definitions] stanza enables customers to add XML attribute definitions, such as XML namespace definitions, to the XMLADI document start tag.

Parent topic: Authorization rules management