33 lines
1.3 KiB
Text
33 lines
1.3 KiB
Text
[[_policy_client_scope]]
|
|
= Client scope-based policy
|
|
|
|
You can use this type of policy to define conditions for your permissions where a set of one or more client scopes is permitted to access an object.
|
|
|
|
By default, client scopes added to this policy are not specified as required and the policy will grant access if the client requesting access has been granted any of these client scopes. However, you can specify a specific client scope as <<_policy_client_scope_required, required>> if you want to enforce a specific client scope.
|
|
|
|
To create a new client scope-based policy, select *Client Scope* from the policy type list.
|
|
|
|
.Add Client Scope Policy
|
|
image:images/policy/create-client-scope.png[alt="Add Client Scope Policy"]
|
|
|
|
== Configuration
|
|
|
|
* *Name*
|
|
+
|
|
A human-readable and unique string describing the policy. A best practice is to use names that are closely related to your business and security requirements, so you can identify them more easily.
|
|
+
|
|
* *Description*
|
|
+
|
|
A string containing details about this policy.
|
|
+
|
|
* *Client Scopes*
|
|
+
|
|
Specifies which client scopes are permitted by this policy.
|
|
+
|
|
* *Logic*
|
|
+
|
|
The logic of this policy to apply after the other conditions have been evaluated.
|
|
|
|
[role="_additional-resources"]
|
|
.Additional resources
|
|
* <<_policy_logic, Positive and negative logic>>
|