The Authorization Policy allows to add a list of fine-grained authorization rules. Use this policy to control precisely who is allowed to access the API.
This policy must be configured after one of the standard authentication policies like the BASIC Authentication policy or the Keycloak OAuth policy, because an authentication policy is responsible for extracting the authenticated user’s roles - and this is data, that is required for the Authorization policy to do its work.
The configuration of this policy consists of a number of rules that are applied to any inbound request to the API. Each rule consists of a regular expression pattern, an HTTP verb and the role that an authenticated user must possess in order for access to be granted.
Configuration Options
Option
Type
Description
Possible Values
Default
Path
String
The pattern must match the request resource path you would like the policy to be applicable to.
-
-
HTTP method (Verb)
String
The HTTP method has to match the request you would like the policy to be applicable to.
* GET POST PUT DELETE OPTIONS HEAD TRACE CONNECT
*
User Role
String
This role must be assigned to the user if this pattern should match the request.
-
-
Multiple Match Action
Boolean
Set to true if all rules must match and to false if at least one rule must match.
at least one all
all (true)
Unmatched Request Action
Boolean
Set to true if you want the policy to passwhen no rules are matched. Set to false if you want the request to fail if none of the rules match.