Authorization rules overview

Authorization rules are defined to specify conditions that must be met before access to a protected object is permitted.

A rule is created with a number of Boolean conditions that are based on data supplied to the authorization engine within the user credential. Data might also be supplied from the resource manager application or from the encompassing business environment. The language of an authorization rule allows customers to work with complex, structured data by examining the values in that data and making informed access decisions. This information can be defined statically within the system or can be defined during a business process. Rules can also be used to implement an extensible, attribute-based authorization policy by using attributes within the business environment or attributes from trusted external sources.
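The evaluation described above, modeled in Python as an added example. It is not ISAM's rule language, API or product code. The rule format, the `cred`/`app`/`env` namespaces, and every name and sample value are assumptions made for illustration. The model denies access when a condition's data is missing or has the wrong type.

```python
import operator

def _contains(actual, expected):
    # Only real collections count: "tellers" must not match the string "tellers-admin".
    return isinstance(actual, (list, tuple, set)) and expected in actual
OPS = {"==": operator.eq, "<=": operator.le, ">=": operator.ge, "contains": _contains}
MISSING = object()  # sentinel: "attribute was not supplied"

def lookup(data, path):
    """Walk a dotted path through nested dicts; MISSING if any step is absent."""
    node = data
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return MISSING
        node = node[key]
    return node

def evaluate(rule, credential, app_data=None, environment=None):
    """Return (permitted, missing_paths); every condition must hold (logical AND)."""
    # Assumed layout: one namespace per source, so application-supplied values
    # can never shadow attributes that came from the user credential.
    data = {"cred": credential, "app": app_data or {}, "env": environment or {}}
    permitted, missing = True, []
    for path, op, expected in rule:
        actual = lookup(data, path)
        if actual is MISSING:
            missing.append(path)  # fail closed: absent data satisfies nothing
            permitted = False
            continue
        try:
            permitted = bool(OPS[op](actual, expected)) and permitted
        except TypeError:  # wrong type supplied, e.g. the amount as a string
            permitted = False
    return permitted, missing

# Constructed sample rule and inputs.
TRANSFER_RULE = [
    ("cred.groups", "contains", "tellers"),
    ("app.transfer.amount", "<=", 10000),
    ("env.branch_open", "==", True),
]
CRED = {"principal": "alice", "groups": ["tellers", "staff"]}

def demo():
    return [
        evaluate(TRANSFER_RULE, CRED, {"transfer": {"amount": 2500}}, {"branch_open": True}),
        evaluate(TRANSFER_RULE, CRED, {"transfer": {"amount": 25000}}, {"branch_open": True}),
        evaluate(TRANSFER_RULE, CRED, {"transfer": {"amount": 2500}}),  # no env data
    ]
```

The list of missing paths returned with a denial tells the caller which data to supply before retrying the decision.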

An ISAM authorization rule is a policy type like an access control list (ACL) or a protected object policy (POP). The rule is stored as a text rule within a rule policy object. The rule is attached to a protected object in the same way and with similar constraints as ACLs and POPs.
