keycloak-scim/authorization_services/topics/policy/logic.adoc

8 lines
546 B
Text
Raw Normal View History

2016-11-29 15:30:53 +00:00
[[_policy_logic]]
=== Positive and Negative Logic
Policies can be configured with positive or negative logic. Briefly, you can use this option to define whether the policy result should be kept as it is or be negated.
For example, suppose you want to create a policy where only users *not* granted with a specific role should be given access. In this case,
you can create a role-based policy using that role and set its *Logic* field to *Negative*. If you keep *Positive*, which
is the default behavior, the policy result will be kept as it is.