Network-based authorization algorithm
The authorization server uses an algorithm to process the conditions in a POP.
- Check ACL permissions. The ACL policy bypass (B) permission overrides POP authorization conditions on an object. This permission must be used only by a high-level administrator who needs full access to the protected object space.
- Verify Whether a rule is attached to the object, then verify that all the access decision information (ADI) is present for the coming rule evaluation. If it is not, then find it by querying one of the available sources.
- Check the IP endpoint authentication method policy on the POP.
- Check the time-of-day policy on the POP.
- Check the audit level policy on the POP.
- Check the authorization rule policy if a rule is attached to the object.
- If an external authorization service (EAS) operation or POP trigger applies to this access decision, then start the EAS that applies.
Parent topic: Protected object policy management