Authorization - Altinn Apps - Policy
Description of the XACML policy defined for an app
An app needs an authorization policy. The policy is imported into the Policy Retrieval Point (PRP) when the app is deployed to an Altinn Apps/Platform environment.
The policy format follows XACML 3.0. Every rule in the policy has target attributes that define which resource, which subject and which action the rule applies to.
The org part of the resource attribute identifies the organisation that owns the app.
The app part of the resource attribute identifies the app itself.
Task / Event
The task/event part of the resource makes it possible to have separate rules for the different tasks or events, so a rule can apply only while the instance is in a given task.
The example below shows the part of a XACML 3.0 policy where the resource is identified.
(The XML of the example is not reproduced in this extract; the attribute values it uses are SKD, TaxReport and Instansiate, corresponding to the org, app and task/event parts described above.)
The subject part of the rule's target defines who the rule applies to.
The role code is used for rules that target end users and systems.
The org code is used for rules that target organisations.
Example with rolecode (XML not reproduced in this extract)
Example with org (XML not reproduced in this extract)
The action part of the target defines which action the rule applies to, for example read.
Example with read action (XML not reproduced in this extract)
The obligation part defines information that the PEP must enforce in addition to the Permit decision. For Altinn Apps the obligation carries the minimum authentication level the user must have for the access to be granted.
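As an added example (this is my code, not Altinn's, and the policy XML is constructed rather than taken from one of the real policies referenced on this page), the block below puts the three target parts described above, subject role code, resource org/app/task, and action, into one XACML 3.0 rule together with the minimum-authentication-level obligation, and a small evaluator shows how a PDP matches requests against it. The attribute identifiers urn:altinn:rolecode, urn:altinn:org, urn:altinn:app and urn:altinn:task, and the obligation category urn:altinn:minimum-authenticationlevel, are assumptions: the page names the parts but not their identifiers. The Category, DataType and MatchId values are the standard XACML 3.0 ones.

```python
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
T = "{%s}" % XACML  # Clark-notation prefix ElementTree uses for namespaced tags
STR = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
ACTION = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"

# Constructed example policy, not taken from a real app. The urn:altinn:* attribute
# and obligation identifiers are assumptions: the page names the parts but not the IDs.
POLICY_XML = f"""<Policy xmlns="{XACML}" PolicyId="urn:altinn:example:policyid:1" Version="1.0"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
  <Target/>
  <Rule RuleId="urn:altinn:example:ruleid:1" Effect="Permit">
    <Description>DAGL or REGNA may read skd/taxreport while the instance is in Task_1</Description>
    <Target>
      <AnyOf><!-- subject: two AllOf alternatives, i.e. rolecode DAGL OR REGNA -->
        <AllOf><Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STR}">DAGL</AttributeValue>
          <AttributeDesignator AttributeId="urn:altinn:rolecode" Category="{SUBJECT}" DataType="{STR}" MustBePresent="false"/></Match></AllOf>
        <AllOf><Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STR}">REGNA</AttributeValue>
          <AttributeDesignator AttributeId="urn:altinn:rolecode" Category="{SUBJECT}" DataType="{STR}" MustBePresent="false"/></Match></AllOf>
      </AnyOf>
      <AnyOf><!-- resource: org AND app AND task, all three Matches in one AllOf -->
        <AllOf>
          <Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STR}">skd</AttributeValue>
            <AttributeDesignator AttributeId="urn:altinn:org" Category="{RESOURCE}" DataType="{STR}" MustBePresent="false"/></Match>
          <Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STR}">taxreport</AttributeValue>
            <AttributeDesignator AttributeId="urn:altinn:app" Category="{RESOURCE}" DataType="{STR}" MustBePresent="false"/></Match>
          <Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STR}">Task_1</AttributeValue>
            <AttributeDesignator AttributeId="urn:altinn:task" Category="{RESOURCE}" DataType="{STR}" MustBePresent="false"/></Match>
        </AllOf>
      </AnyOf>
      <AnyOf><!-- action -->
        <AllOf><Match MatchId="{STRING_EQUAL}"><AttributeValue DataType="{STR}">read</AttributeValue>
          <AttributeDesignator AttributeId="{ACTION_ID}" Category="{ACTION}" DataType="{STR}" MustBePresent="false"/></Match></AllOf>
      </AnyOf>
    </Target>
  </Rule>
  <ObligationExpressions><!-- returned with Permit; the PEP must enforce it -->
    <ObligationExpression FulfillOn="Permit" ObligationId="urn:altinn:obligation:1">
      <AttributeAssignmentExpression AttributeId="urn:altinn:obligation1-assignment1" Category="urn:altinn:minimum-authenticationlevel">
        <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">2</AttributeValue>
      </AttributeAssignmentExpression>
    </ObligationExpression>
  </ObligationExpressions>
</Policy>"""


def match_holds(match, request):
    """string-equal: the request carries the designated attribute with exactly this value."""
    wanted = match.find(f"{T}AttributeValue").text
    d = match.find(f"{T}AttributeDesignator")
    return wanted in request.get(d.get("Category"), {}).get(d.get("AttributeId"), [])


def target_matches(target, request):
    """XACML target semantics: every AnyOf needs one AllOf whose Matches all hold."""
    return all(
        any(all(match_holds(m, request) for m in allof.findall(f"{T}Match"))
            for allof in anyof.findall(f"{T}AllOf"))
        for anyof in target.findall(f"{T}AnyOf"))


def evaluate(policy_xml, request):
    """Return (decision, obligations). deny-overrides: Deny beats Permit beats NotApplicable."""
    policy = ET.fromstring(policy_xml)
    effects = {r.get("Effect") for r in policy.findall(f"{T}Rule")
               if target_matches(r.find(f"{T}Target"), request)}
    decision = "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"
    obligations = {}
    for ob in policy.iter(f"{T}ObligationExpression"):
        if ob.get("FulfillOn") == decision:  # only returned when the decision matches FulfillOn
            for a in ob.findall(f"{T}AttributeAssignmentExpression"):
                obligations[a.get("Category")] = a.find(f"{T}AttributeValue").text
    return decision, obligations


def make_request(rolecode, org, app, task, action):
    """Build a request as {category: {attribute-id: [values]}}, the shape a PEP assembles."""
    return {SUBJECT: {"urn:altinn:rolecode": [rolecode]},
            RESOURCE: {"urn:altinn:org": [org], "urn:altinn:app": [app], "urn:altinn:task": [task]},
            ACTION: {ACTION_ID: [action]}}


if __name__ == "__main__":
    for req in (make_request("DAGL", "skd", "taxreport", "Task_1", "read"),   # Permit, min auth level 2
                make_request("PRIV", "skd", "taxreport", "Task_1", "read"),   # role not in the rule
                make_request("DAGL", "skd", "taxreport", "Task_1", "write"),  # action not granted
                make_request("DAGL", "skd", "taxreport", "Task_2", "read")):  # rule is bound to Task_1
        print(evaluate(POLICY_XML, req))
```

The point to take from the evaluator is the shape of a target: each AnyOf is an OR over its AllOf children and each AllOf is an AND over its Match children, so putting org, app and task in one AllOf binds the rule to that task only, while listing two role codes as separate AllOf elements grants either role. A real PDP also handles Condition elements, missing attributes and Indeterminate results; this toy keeps only target matching and the Permit-bound obligation so that the structure and the minimum-authentication-level obligation are visible.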
On GitHub you can look at some full policy examples.