Authorization - Altinn Apps - Policy

Description of the XACML policy defined for an app

An app needs a defined authorization policy, which is imported into the Policy Retrieval Point when the app is deployed to an Altinn Apps/Platform environment.

The policy format follows XACML 3.0. For every rule in the policy, attributes define which resource, subject and action the rule targets.

Resource Attributes

Org

The org part of the resource attribute defines which org owns the app.

App

The app part of the resource attribute identifies the app itself.

Task / Event

The task/event part of the resource makes it possible to have separate rules for the different tasks.

Example

The example below shows part of a XACML 3.0 policy where a resource is identified.




  
    SKD
    
  
  
    TaxReport
    
  
  
    Instansiate
    
  




Subject Attributes

The subject part of the rule's target defines who the rule targets.

Role Code

The role code is used for rules that target end users and systems.

Org

The org code is used for rules that target orgs.

Example

RoleCode

Example with role code




  
    REGNA
    
  



Org

Example with org




  
    skd
    
  



Action Attributes

Example

Example with read action




    Read
      
    



Action ID

Obligation

The obligation part is used to define information that should be used by the PEP. For Altinn Apps the minimum authentication level




    
      
        2
      
    
  


Full examples

On GitHub you can look at some full policy examples.
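The resource, subject and action attributes described above, put together in one rule and read back by a small audit script. This is an added example, not Altinn's own policy or code: the policy is constructed from the values shown on this page, the `urn:altinn:*` attribute ids are assumptions, and `match` and `summarize` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
STR = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
KIND = {SUBJECT: "subject", RESOURCE: "resource", ACTION: "action"}
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"

def match(value, attr_id, category):
    """One XACML <Match>: attribute `attr_id` must string-equal `value`."""
    return (f'<Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">'
            f'<AttributeValue DataType="{STR}">{value}</AttributeValue>'
            f'<AttributeDesignator AttributeId="{attr_id}" Category="{category}" '
            f'DataType="{STR}" MustBePresent="false"/></Match>')

# Constructed policy. The urn:altinn:* attribute ids are assumed, not taken from the page.
APP = match('SKD', 'urn:altinn:org', RESOURCE) + match('TaxReport', 'urn:altinn:app', RESOURCE)
READ = f"<AnyOf><AllOf>{match('Read', ACTION_ID, ACTION)}</AllOf></AnyOf>"
POLICY = f"""<Policy xmlns="{NS['x']}" PolicyId="constructed-example" Version="1.0"
    RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
  <Target/>
  <Rule RuleId="rule-1" Effect="Permit"><Target>
    <AnyOf><AllOf>{match('REGNA', 'urn:altinn:rolecode', SUBJECT)}</AllOf></AnyOf>
    <AnyOf><AllOf>{APP}{match('Instansiate', 'urn:altinn:task', RESOURCE)}</AllOf></AnyOf>
    {READ}
  </Target></Rule>
  <Rule RuleId="rule-2" Effect="Permit"><Target>
    <AnyOf><AllOf>{APP}</AllOf></AnyOf>
    {READ}
  </Target></Rule>
</Policy>"""

def summarize(policy_xml):
    """Map each RuleId to its effect, its matches per category, and the categories it leaves open."""
    rules = {}
    for rule in ET.fromstring(policy_xml).findall("x:Rule", NS):
        cats = {"subject": [], "resource": [], "action": []}
        for m in rule.findall("x:Target/x:AnyOf/x:AllOf/x:Match", NS):
            des = m.find("x:AttributeDesignator", NS)
            value = m.find("x:AttributeValue", NS).text.strip()
            cats[KIND[des.get("Category")]].append((des.get("AttributeId"), value))
        # A target with no match in a category does not restrict that category at all.
        open_cats = [name for name, found in cats.items() if not found]
        rules[rule.get("RuleId")] = {"effect": rule.get("Effect"), **cats, "open": open_cats}
    return rules

if __name__ == "__main__":
    for rule_id, info in summarize(POLICY).items():
        print(rule_id, info["effect"], "open:", info["open"] or "none")
```

Here `rule-2` is reported with `subject` open: it names the app and the action but no role or org, so it applies to any subject, which is the kind of rule worth reviewing before a policy is deployed.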