Before you begin
Create policies for resource instances, Create global security roles, or Create scoped security roles.
To increase the logical complexity of your
policies or role definitions, you can combine conditions. For example,
the policy in Figure 1 specifies 4 conditions, three of which,
Access occurs between specified hours
, Role:
Midwest
, and Role: Operator
, are combined. The
effect of all four policy conditions enables a user to access the
resource if any of the following is true:
MidWest
role and is either in the
Operator
or Deployer
role.Admin
role.The policy in Figure 1 uses both simple conditions, which contain a single predicate, and a compound condition which contains multiple predicates. You specify whether a condition is simple or complex at the time that you create the condition (for example, see Create policies for resource instances). Use compound conditions if you want to consider the two predicates as a single unit.
To combine conditions in a policy or role:
The order in which you create the conditions is insignificant. You can combine conditions that are not adjacent.
You can also select a block of combined conditions and use the Move Up or Move Down buttons for the entire block.