Hi, I need a policy where I can have multiple child resources. The policy is based on Resource, where the top-level resource is Customer and the child resources corresponding to it are 1. firstname, 2. lastname.
Customer --
-- 1. firstname
-- 2. lastname
How can I achieve this policy using WSO2 Identity Server and the Axiomatics ALFA plugin, or is there any other way to achieve this policy? I need a policy structure and the request for the same policy.
Your problem is not a technical problem but merely a modeling one. You need to agree on what your resource is and what your resource hierarchy is.
What I sometimes do is have a resource-type == customer record (in your case) and then a field-id == firstname.
What I'm doing is introducing 2 attributes to model a resource hierarchy:
It's one simple way to get things working.
EDIT - sample policy:
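policy documentAccess {
    // Applies only to "view" requests on documents
    target clause resourceType == "document" and actionId == "view"
    // Rules are evaluated in order; the first one that applies decides
    apply firstApplicable
    // Sensitive fields: only the person assigned to the record may view them
    rule viewSSN {
        target clause fieldId == "ssn"
        condition subjectId == assignedPerson
        permit
    }
    rule viewBalance {
        target clause fieldId == "balance"
        condition subjectId == assignedPerson
        permit
    }
    // Fields flagged as non-sensitive carry no further condition
    rule viewOtherFields {
        target clause fieldSensitive == false
        permit
    }
}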
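
The question also asks for a request to go with the policy. As an added example (not part of the original answer, and not Axiomatics or WSO2 code), this Python sketch builds requests in the shape of the JSON Profile of XACML 3.0 for the sample policy and models its firstApplicable evaluation locally. The short AttributeIds and the `build_request`, `flatten` and `evaluate` helpers are assumptions, because the page does not show the attribute declarations.

```python
import json

# Attribute names mirror the sample policy; the short AttributeIds are assumptions,
# because the page does not show the ALFA attribute declarations.
def build_request(subject_id, field_id, assigned_person, field_sensitive,
                  resource_type="document", action_id="view"):
    """Build a request in the shape of the JSON Profile of XACML 3.0."""
    def attrs(**kv):
        return {"Attribute": [{"AttributeId": k, "Value": v} for k, v in kv.items()]}
    return {"Request": {
        "AccessSubject": attrs(subjectId=subject_id),
        "Action": attrs(actionId=action_id),
        "Resource": attrs(resourceType=resource_type, fieldId=field_id,
                          assignedPerson=assigned_person,
                          fieldSensitive=field_sensitive),
    }}

def flatten(request):
    """Collect every attribute of the request into one dict."""
    return {a["AttributeId"]: a["Value"]
            for category in request["Request"].values()
            for a in category["Attribute"]}

def evaluate(request):
    """Local model of documentAccess under firstApplicable (not a real PDP)."""
    a = flatten(request)
    # Policy target: resourceType=="document" and actionId=="view"
    if a.get("resourceType") != "document" or a.get("actionId") != "view":
        return "NotApplicable", None
    assigned = a.get("subjectId") is not None and a["subjectId"] == a.get("assignedPerson")
    rules = [  # (rule name, target and condition both hold)
        ("viewSSN", a.get("fieldId") == "ssn" and assigned),
        ("viewBalance", a.get("fieldId") == "balance" and assigned),
        ("viewOtherFields", a.get("fieldSensitive") is False),
    ]
    # Every rule permits, so the first applicable rule yields Permit.
    for name, applies in rules:
        if applies:
            return "Permit", name
    return "NotApplicable", None  # no rule applied; a deny-biased PEP refuses access

if __name__ == "__main__":
    # Constructed sample subjects and fields, not taken from the page.
    owner = build_request("alice", "ssn", "alice", True)
    print(json.dumps(owner, indent=2))
    print(evaluate(owner))
    print(evaluate(build_request("bob", "ssn", "alice", True)))
    print(evaluate(build_request("bob", "address", "alice", False)))
```

Because viewOtherFields depends only on fieldSensitive, that attribute should be resolved from a trusted attribute source rather than accepted from the caller.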