Create Deny Authorization Policy Conditions
The following example shows how to create a condition to be evaluated by submitting a POST request on the REST resource using cURL. Conditions are referenced from Condition Groups. For more information about cURL, see Use cURL.
cURL Command
Note: The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.
curl \
  -X POST \
  -H "Content-Type:application/scim+json" \
  -H "Authorization: Bearer <Access Token Value>" \
  https://tenant-base-url/admin/v1/Conditions
Example of Request Body - Group Condition
The following shows an example of the request body in JSON format:
{
  "schemas":[
    "urn:ietf:params:scim:schemas:oracle:idcs:Condition"
  ],
  "name":"isInTheseGroups",
  "attributeName":"user.groups[*].value",
  "operator":"coany",
  "attributeValue":"[\"<group guid>\"]"
}
Example of Response Body - Group Condition
The following example shows the contents of the response body in JSON format:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:Condition"
  ],
  "name": "isInTheseGroups",
  "attributeName": "user.groups[*].value",
  "operator": "coany",
  "attributeValue": "[\"6d89b1f9b5b84753926b3aedbf71c289\"]",
  "id": "c25d88b87320467da4467b2a12168cec",
  "meta": {
    "created": "2018-10-21T15:24:08.007Z",
    "lastModified": "2018-10-21T15:24:08.007Z",
    "resourceType": "Condition",
    "location": "https://tenant-base-url/admin/v1/Conditions/c25d88b87320467da4467b2a12168cec"
  },
  "idcsCreatedBy": {
    "value": "bf11562fd0dd4fda85fde3690b104dd3",
    "type": "User",
    "display": "admin opc",
    "$ref": "https://tenant-base-url/admin/v1/Users/bf11562fd0dd4fda85fde3690b104dd3"
  },
  "idcsLastModifiedBy": {
    "value": "bf11562fd0dd4fda85fde3690b104dd3",
    "type": "User",
    "display": "admin opc",
    "$ref": "https://tenant-base-url/admin/v1/Users/bf11562fd0dd4fda85fde3690b104dd3"
  }
}
Example of Request Body - User not in Condition
The following shows an example of the request body in JSON format:
{
  "schemas":[
    "urn:ietf:params:scim:schemas:oracle:idcs:Condition"
  ],
  "name":"isNotInTheseUsers",
  "attributeName":"user.userName",
  "operator":"nin",
  "attributeValue":"[\"<user name>\"]"
}
Example of Response Body - User not in Condition
The following example shows the contents of the response body in JSON format:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:Condition"
  ],
  "name": "isNotInTheseUsers",
  "attributeName": "user.userName",
  "operator": "nin",
  "attributeValue": "[\"bf11562fd0dd4fda85fde3690b104dd3\"]",
  "id": "16a2cd31f0114adc856fadb06a18648c",
  "meta": {
    "created": "2018-10-21T15:25:17.519Z",
    "lastModified": "2018-10-21T15:25:17.519Z",
    "resourceType": "Condition",
    "location": "https://tenant-base-url/admin/v1/Conditions/16a2cd31f0114adc856fadb06a18648c"
  },
  "idcsCreatedBy": {
    "value": "bf11562fd0dd4fda85fde3690b104dd3",
    "type": "User",
    "display": "admin opc",
    "$ref": "https://tenant-base-url/admin/v1/Users/bf11562fd0dd4fda85fde3690b104dd3"
  },
  "idcsLastModifiedBy": {
    "value": "bf11562fd0dd4fda85fde3690b104dd3",
    "type": "User",
    "display": "admin opc",
    "$ref": "https://tenant-base-url/admin/v1/Users/bf11562fd0dd4fda85fde3690b104dd3"
  }
}
Example of Request Body - Administrator Role Condition
The following shows an example of the request body in JSON format:
{
  "schemas":[
    "urn:ietf:params:scim:schemas:oracle:idcs:Condition"
  ],
  "name":"idcsAdminRole",
  "attributeName":"user.urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User:appRoles[*].adminRole",
  "operator":"co",
  "attributeValue":"[\"true\"]"
}
Example of Response Body - Administrator Role Condition
The following example shows the contents of the response body in JSON format:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:Condition"
  ],
  "name": "idcsAdminRole",
  "attributeName": "user.urn:ietf:params:scim:schemas:oracle:idcs:extension:user:User:appRoles[*].adminRole",
  "operator": "co",
  "attributeValue": "[\"true\"]",
  "id": "e742c4b2a391451da6dfc42dfd8a4c7d",
  "meta": {
    "created": "2018-10-21T15:25:39.399Z",
    "lastModified": "2018-10-21T15:25:39.399Z",
    "resourceType": "Condition",
    "location": "https://tenant-base-url/admin/v1/Conditions/e742c4b2a391451da6dfc42dfd8a4c7d"
  },
  "idcsCreatedBy": {
    "value": "bf11562fd0dd4fda85fde3690b104dd3",
    "type": "User",
    "display": "admin opc",
    "$ref": "https://tenant-base-url/admin/v1/Users/bf11562fd0dd4fda85fde3690b104dd3"
  },
  "idcsLastModifiedBy": {
    "value": "bf11562fd0dd4fda85fde3690b104dd3",
    "type": "User",
    "display": "admin opc",
    "$ref": "https://tenant-base-url/admin/v1/Users/bf11562fd0dd4fda85fde3690b104dd3"
  }
}
Example of Request Body - Network Perimeter Condition
The following shows an example of the request body in JSON format:
{
  "schemas":[
    "urn:ietf:params:scim:schemas:oracle:idcs:Condition"
  ],
  "name":"SubjectIPAddress",
  "attributeName":"subject.ip",
  "operator":"eq",
  "attributeValue":"#inIPRange(\"<Network perimeter id>\")"
}
Example of Response Body - Network Perimeter Condition
The following example shows the contents of the response body in JSON format:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:oracle:idcs:Condition"
  ],
  "name": "SubjectIPAddress",
  "attributeName": "subject.ip",
  "operator": "eq",
  "attributeValue": "#inIPRange(\"83bad53f0a50454d909a4709d1335e0d\")",
  "id": "4d7afc63249943a3b6136876f30f7860",
  "meta": {
    "created": "2018-10-21T15:27:45.819Z",
    "lastModified": "2018-10-21T15:27:45.819Z",
    "resourceType": "Condition",
    "location": "https://tenant-base-url/admin/v1/Conditions/4d7afc63249943a3b6136876f30f7860"
  },
  "idcsCreatedBy": {
    "value": "bf11562fd0dd4fda85fde3690b104dd3",
    "type": "User",
    "display": "admin opc",
    "$ref": "https://tenant-base-url/admin/v1/Users/bf11562fd0dd4fda85fde3690b104dd3"
  },
  "idcsLastModifiedBy": {
    "value": "bf11562fd0dd4fda85fde3690b104dd3",
    "type": "User",
    "display": "admin opc",
    "$ref": "https://tenant-base-url/admin/v1/Users/bf11562fd0dd4fda85fde3690b104dd3"
  }
}
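In the request bodies above, attributeValue is a string that itself contains a serialized JSON array (or, for subject.ip, an #inIPRange("...") expression), which is easy to get wrong when a deny condition is built by hand. The following Python sketch is an added example, not Oracle's code: it builds both forms and checks that the condition returned by the service matches what was sent. The function names are hypothetical, the value shapes are taken only from the four examples on this page, and the sample response is the group condition response above, trimmed.

```python
import json
import re

SCHEMA = "urn:ietf:params:scim:schemas:oracle:idcs:Condition"
# Shape of the network perimeter value shown on this page: #inIPRange("<id>")
IP_RANGE = re.compile(r'^#inIPRange\("([^"]+)"\)$')

def build_condition(name, attribute_name, operator, values):
    """Build a request body; attributeValue is a JSON array serialized into a string."""
    return {
        "schemas": [SCHEMA],
        "name": name,
        "attributeName": attribute_name,
        "operator": operator,
        "attributeValue": json.dumps(list(values), separators=(",", ":")),
    }

def build_perimeter_condition(name, perimeter_id):
    """Build the subject.ip form, which uses #inIPRange("<id>") instead of an array."""
    if '"' in perimeter_id:
        raise ValueError("perimeter id must not contain a double quote")
    return {"schemas": [SCHEMA], "name": name, "attributeName": "subject.ip",
            "operator": "eq", "attributeValue": f'#inIPRange("{perimeter_id}")'}

def decode_value(condition):
    """Return the list of values a condition matches on, whichever form it uses."""
    raw = condition["attributeValue"]
    match = IP_RANGE.match(raw)
    if match:
        return [match.group(1)]
    values = json.loads(raw)  # raises ValueError if the string is not valid JSON
    if not isinstance(values, list):
        raise ValueError("attributeValue is not a JSON array")
    return values

def mismatches(request, response):
    """List the fields where the stored condition differs from what was sent."""
    fields = ("name", "attributeName", "operator", "attributeValue")
    return [f for f in fields if request.get(f) != response.get(f)]

# Constructed sample: the group condition response from this page, trimmed.
SAMPLE_RESPONSE = json.loads(r'''{"name": "isInTheseGroups",
  "attributeName": "user.groups[*].value", "operator": "coany",
  "attributeValue": "[\"6d89b1f9b5b84753926b3aedbf71c289\"]",
  "id": "c25d88b87320467da4467b2a12168cec"}''')
```

Serialize the dictionary with json.dumps and pass it as the body of the POST; a non-empty result from mismatches means the stored condition does not match on what was intended.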