policy-trigger
This stanza entry defines the authorization API service for external authorization service definitions that force authorization decisions to made based on application-specific criteria.
policy-trigger = {short_name|path_to_dll} [-weight number] [ & params ...]
Define the authorization API service for external authorization service definitions that force authorization decisions to made based on application-specific criteria. Each stanza entry defines different types of aznAPI service, and each entry is the same format.
Options
- policy-trigger
- The policy trigger is the way that an external authorization service is started. It is either a service ID or an access control list (ACL) action string. For example, it can be my_service_1 or Trx. If the service is defined an ID, the service ID is used as an extended attribute on a POP that triggers the external authorization service when an object has this POP attached to it. If the service is defined with an ACL action string, the service is started when this ACL action mask is requested as part of an authorization decision.
The policy trigger can be any string that is recognized as a valid key name. The policy-trigger is case-sensitive, because the actions themselves are case-sensitive. However, the policy trigger is not case-sensitive if the trigger is a POP attribute.
- short_name|path_to_dll
- The path to the dynamic link library (DLL) containing the executable code for the service. If the DLL is in a directory that is normally searched by the system (for example, /usr/lib on AIX, Linux, and Solaris operating systems or the value of the PATH environment variable on Windows operating systems), do not specify the full path to the DLL. Specify only the DLL name. If we want a platform-independent DLL name, so it can be loaded on any supported platform, provide a short name. The short name is appended with known library prefixes and suffixes for each platform, and each possibility is searched in turn. For example, with a short name of azn_ent_user, the following names that are automatically searched for on each platform:
- AIX®
- libazn_ent_user.so
libazn_ent_user.a- Linux®
- libazn_ent_user.so
- Solaris
- libazn_ent_user.so
- Windows
- azn_ent_user.dll
- [-weight number]
- Optional: Specifies the weight assigned in the access decision process of the external authorization service. This option is an unsigned size_t value. This value signifies the weight. In the entire decision process, the weight is specified in any decision that is returned by the external authorization service. Default is 101.
- params
- Optional: Additional initialization information to pass to the external authorization service in the form of arguments. The arguments must be preceded by the ampersand (&); for example, & -server fred. The service definition is described in more detail in the Authorization C API Developer Reference.
Usage
Optional
Default value
There is no default value.
Parent topic: [aznapi-external-authzn-services] stanza