keycloak-scim/authorization_services/topics/policy/time-policy.adoc

55 lines
2.3 KiB
Text
Raw Normal View History

2016-11-29 15:30:53 +00:00
[[_policy_time]]
=== Time-Based Policy
2016-06-05 22:17:31 +00:00
You can use this type of policy to define time conditions for your permissions.
2016-06-05 22:17:31 +00:00
2017-04-25 22:52:57 +00:00
To create a new time-based policy, select *Time* in the dropdown list in the upper right corner of the policy listing.
.Add Time Policy
2017-01-05 16:54:31 +00:00
image:../../{{book.images}}/policy/create-time.png[alt="Add Time Policy"]
==== Configuration
2016-06-05 22:17:31 +00:00
* *Name*
+
A human-readable and unique string describing the policy. A best practice is to use names that are closely related to your business and security requirements, so you
can identify them more easily.
2016-06-05 22:17:31 +00:00
+
* *Description*
+
A string containing details about this policy.
2016-06-05 22:17:31 +00:00
+
* *Not Before*
+
Defines the time before which access must *not* be granted. Permission is granted only if the current date/time is later than or equal to this value.
2016-06-05 22:17:31 +00:00
+
+
* *Not On or After*
+
Defines the time after which access must *not* be granted. Permission is granted only if the current date/time is earlier than or equal to this value.
2016-06-05 22:17:31 +00:00
+
2016-09-08 22:58:55 +00:00
* *Day of Month*
+
Defines the day of month that access must be granted. You can also specify a range of dates. In this case, permission is granted only if the current day of the month is between or equal to the two values specified.
2016-09-08 22:58:55 +00:00
+
* *Month*
+
Defines the month that access must be granted. You can also specify a range of months. In this case, permission is granted only if the current month is between or equal to the two values specified.
2016-09-08 22:58:55 +00:00
+
* *Year*
+
Defines the year that access must be granted. You can also specify a range of years. In this case, permission is granted only if the current year is between or equal to the two values specified.
2016-09-08 22:58:55 +00:00
+
* *Hour*
+
Defines the hour that access must be granted. You can also specify a range of hours. In this case, permission is granted only if current hour is between or equal to the two values specified.
2016-09-08 22:58:55 +00:00
+
* *Minute*
+
Defines the minute that access must be granted. You can also specify a range of minutes. In this case, permission is granted only if the current minute is between or equal to the two values specified.
2016-09-08 22:58:55 +00:00
+
2016-06-05 22:17:31 +00:00
* *Logic*
+
2016-11-29 15:30:53 +00:00
The <<fake/../logic.adoc#_policy_logic, Logic>> of this policy to apply after the other conditions have been evaluated.
2016-09-08 22:58:55 +00:00
Access is only granted if all conditions are satisfied. {{book.project.name}} will perform an _AND_ based on the outcome of each condition.