Before you begin
Create policies for resource instances, Create global security roles, or Create scoped security roles.
To increase the logical complexity of your policies or role definitions,
you can combine conditions. For example, the policy in Figure 1 specifies 4 conditions, three
of which, Access occurs between specified hours
,
Role: Midwest
, and Role: Operator
, are combined. The effect
of all four policy conditions enables a user to access the resource if any of the following
is true:
MidWest
role and is either in the Operator
or Deployer
role.Admin
role.The policy in Figure 1 uses both simple conditions, which contain a single predicate, and a compound condition which contains multiple predicates. You specify whether a condition is simple or complex at the time that you create the condition (for example, see Create policies for resource instances). Use compound conditions if you want to consider the two predicates as a single unit.
To combine conditions in a policy or role:
The order in which you create the conditions is insignificant. You can combine conditions that are not adjacent.
You can also select a block of combined conditions and use the Move Up or Move Down buttons for the entire block.