The Authorization Policy lets you add a list of fine-grained authorization rules. Use this policy to control precisely who is allowed to access the API.

This policy must be configured after one of the standard authentication policies, such as the BASIC Authentication policy or the Keycloak OAuth policy, because the authentication policy is responsible for extracting the authenticated user's roles, and those roles are the data the Authorization policy needs to do its work.

The configuration of this policy consists of a number of rules that are applied to any inbound request to the API. Each rule consists of a regular expression pattern, an HTTP verb and the role that an authenticated user must possess in order for access to be granted.

Configuration Options

| Option | Type | Description | Possible Values | Default |
|---|---|---|---|---|
| Path | String | Regular expression pattern that must match the request resource path for the rule to apply. | - | - |
| HTTP method (Verb) | String | HTTP method that must match the request for the rule to apply. | *, GET, POST, PUT, DELETE, OPTIONS, HEAD, TRACE, CONNECT | * |
| User Role | String | Role the authenticated user must hold for a matching rule to be satisfied. | - | - |
| Multiple Match Action | Boolean | Set to true if all matching rules must be satisfied, or to false if at least one matching rule must be satisfied. | at least one, all | all (true) |
| Unmatched Request Action | Boolean | Set to true if you want the policy to pass when no rules are matched. Set to false if you want the request to fail when none of the rules match. | fail, pass | fail (false) |
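The rule evaluation described above, written out as an added example in Python. This is not the policy's own implementation; it models the semantics the table gives (path pattern, verb, role, the all/at-least-one switch and the pass/fail default for unmatched requests) so the effect of each option can be seen on a constructed rule set. The `Rule` and `authorize` names, the sample rules and the use of a full-path regex match are all assumptions made for this example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    path_pattern: str   # regular expression matched against the request path
    verb: str           # HTTP method, or "*" for any method
    role: str           # role the authenticated user must hold

    def matches(self, path: str, method: str) -> bool:
        """True if this rule applies to the request (path and verb both match)."""
        verb_ok = self.verb == "*" or self.verb.upper() == method.upper()
        # Assumption: the whole path must match the pattern. A search-style
        # match would let "/admin/.*" also cover "/public/admin/x", silently
        # widening the rule, so anchoring the match is the safer reading.
        return verb_ok and re.fullmatch(self.path_pattern, path) is not None


def authorize(rules, path, method, user_roles,
              multiple_match_all=True, unmatched_pass=False):
    """Evaluate the rule list and return True when the request is allowed.

    multiple_match_all: True  -> every matching rule must be satisfied ("all")
                        False -> at least one matching rule must be satisfied
    unmatched_pass:     True  -> pass when no rule matches
                        False -> fail when no rule matches (default deny)
    """
    roles = set(user_roles)
    matched = [r for r in rules if r.matches(path, method)]
    if not matched:
        return unmatched_pass
    satisfied = [r.role in roles for r in matched]
    return all(satisfied) if multiple_match_all else any(satisfied)


# Constructed sample rule set; not taken from any real deployment.
RULES = [
    Rule(r"/api/admin/.*", "*", "admin"),
    Rule(r"/api/orders/.*", "GET", "user"),
    Rule(r"/api/orders/.*", "POST", "order-writer"),
    Rule(r"/api/orders/[0-9]+/cancel", "POST", "admin"),
]

if __name__ == "__main__":
    # A plain user may read orders but not create them.
    print(authorize(RULES, "/api/orders/42", "GET", {"user"}))    # True
    print(authorize(RULES, "/api/orders/42", "POST", {"user"}))   # False
    # A method no rule covers falls through to the unmatched default (deny).
    print(authorize(RULES, "/api/orders/42", "DELETE", {"user"}))  # False
    # Cancelling matches two POST rules; with "all" both roles are required.
    print(authorize(RULES, "/api/orders/42/cancel", "POST", {"order-writer"}))           # False
    print(authorize(RULES, "/api/orders/42/cancel", "POST", {"order-writer", "admin"}))  # True
    print(authorize(RULES, "/api/orders/42/cancel", "POST", {"order-writer"},
                    multiple_match_all=False))                                           # True
    # Paths no rule covers are denied unless Unmatched Request Action is "pass".
    print(authorize(RULES, "/api/health", "GET", set()))                       # False
    print(authorize(RULES, "/api/health", "GET", set(), unmatched_pass=True))  # True
```

The two Boolean options change the outcome only at the edges: `multiple_match_all` decides how overlapping rules combine (the cancel path above needs both roles under "all" but only one under "at least one"), and `unmatched_pass` decides what happens to paths the rule list never mentions, which is why keeping the default of `fail` gives default-deny behaviour.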