This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Creating an XACML Policy

Follow the instructions below to create an XACML policy.

1. Sign in. Enter your username and password to log on to the Management Console.

2. Click the "Main" button to access the "Entitlement" menu.

3. From the "Main" menu, select "Administration" under "Entitlement."

4. Click on the "Add New Entitlement Policy" link to access the "Create Entitlement Policy" page.

5. On the "Create Entitlement Policy" page, specify the required settings:

  • Entitlement Policy Name - Specify the name of the policy. This field is mandatory.
  • Rule Combining Algorithm- Select a rule-combining algorithm from the drop-down menu. The following algorithms are available:
    • deny-overrides
    • Permit-overrides
    • first-applicable
  • Entitlement Policy Description - Specify a description of the policy in the text area.

6. Specify the elements that the policy applies to:

  • Resource Names - Specify the name of a resource.
  • User/Role Name(s) - Specify a user or a role name.
  • User Attribute - Specify a user attribute.
  • Action Name - Specify an action name.
  • Environment Name - Specify the environment name.

Use the drop-down menu to select the level of matching with the specifications in the text field:

  • equals to
  • at-least-one-matching-member-of
  • at-least-one-matching-reg-ex-member-of
  • matching reg-ex to
  • a matching set of
  • a matching reg-ex set of

Tip

You can use the icons to select elements from storage. Click the appropriate icon to reach the "Advanced Search" page.

Select the required element and move it to the "Selected Attribute Values" box using the ">>" button.

7. Define Entitlement Rules.

  • Rule Name - Specify the role name. This field is mandatory.
  • Rule Effect - Select the rule effect: permit or deny.
  • Resource Names - Specify the resource name.
  • User/Role Name(s) - Specify a user or a role name.
  • User Attribute - Specify a user attribute.
  • Action Name - Specify the action name.
  • Environment Name - Specify the environment name.

Use the drop-down menu to select the level of matching with the specifications in the text field:

  • equals to
  • in
  • at-least-one-member-of
  • a sub set of
  • matching reg-ex to
  • a matching set of

Tip

You can use the icons to select elements from storage. Click the appropriate icon to reach the "Advanced Search" page.

Select the required element and move it to the "Selected Attribute Values" box using the ">>" button.

8. Click on the "Add" button.

9. A new role is displayed in the pane below.

From here, you can edit and delete the role.

10. Once all settings are specified, click on the "Finish" button.