keycloak-scim/authorization_services/topics/policy-logic.adoc

[[_policy_logic]]
= Positive and negative logic

Policies can be configured with positive or negative logic. Briefly, you can use this option to define whether the policy result should be kept as it is or be negated.

For example, suppose you want to create a policy where only users *not* granted with a specific role should be given access. In this case,
you can create a role-based policy using that role and set its *Logic* field to *Negative*. If you keep *Positive*, which
is the default behavior, the policy result will be kept as it is.
[RHSSO-599] - Replacing link with fake 2016-11-29 15:30:53 +00:00			`[[_policy_logic]]`
KEYCLOAK-16923-FIX Revising Authorization Services Guide for Red Hat Standards (#1358) 2022-04-18 14:10:57 +00:00			`= Positive and negative logic`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`Policies can be configured with positive or negative logic. Briefly, you can use this option to define whether the policy result should be kept as it is or be negated.`
First bucket of documentation from docbook. 2016-05-31 20:36:14 +00:00
General cleanup and edits of the documentation 2016-11-15 21:34:20 +00:00			`For example, suppose you want to create a policy where only users not granted with a specific role should be given access. In this case,`
			`you can create a role-based policy using that role and set its Logic field to Negative. If you keep Positive, which`
Convert Authorization Service to a flat topic structure (#212) * Convert Authorization Service to a flat topic structure * Fix issue with toc being cut 2017-10-09 06:38:46 +00:00			`is the default behavior, the policy result will be kept as it is.`