Hi, we are getting issue with multiple policies/permission.
If User B is added to Policy A it works fine and retunes combined result of scope A,B,C,D
Both Policies are Positive and Both Permissions are Affirmative.
In Evaluate page it shows as expected but from Postman it gives error
JSON from Authorization Export
{
“allowRemoteResourceManagement”: false,
“policyEnforcementMode”: “ENFORCING”,
“resources”: [
{
“name”: “ResourceA”,
“type”: “urn:generic-rest-api:resources:employees”,
“ownerManagedAccess”: false,
“attributes”: {},
“_id”: “1b41c828-b78f-44da-84ab-e62a0b4843b5”,
“uris”: [
“/v1/employees/"
],
“scopes”: [
{
“name”: “urn:generic-rest-api:scopes:employees:attribute:admindescription:view”
},
{
“name”: “urn:generic-rest-api:scopes:employees:attribute:accessRole:view”
},
{
“name”: “urn:generic-rest-api:scopes:employees:attribute:address:view”
}
]
},
{
“name”: “ResourceB”,
“type”: “urn:generic-rest-api:resources:employees”,
“ownerManagedAccess”: false,
“displayName”: “ResourceB”,
“attributes”: {},
“_id”: “6237e427-55ef-4c1e-9e3d-714e5bfe31c9”,
“uris”: [
"/v1/employees/”
],
“scopes”: [
{
“name”: “urn:generic-rest-api:scopes:employees:attribute:admindescription:view”
},
{
“name”: “urn:generic-rest-api:scopes:employees:attribute:companyid:view”
},
{
“name”: “urn:generic-rest-api:scopes:employees:attribute:authorizedAmount:view”
}
]
},
{
“name”: “Default Resource”,
“type”: “urn:employee-rest-api:resources:default”,
“ownerManagedAccess”: false,
“attributes”: {},
“_id”: “fb476666-f779-4a86-8234-d49e897f6405”,
“uris”: [
“/*”
]
}
],
“policies”: [
{
“id”: “1e08f5f3-a766-416b-9448-50716dd0580b”,
“name”: “PolicyB”,
“type”: “user”,
“logic”: “POSITIVE”,
“decisionStrategy”: “UNANIMOUS”,
“config”: {
“users”: “["UserB"]”
}
},
{
“id”: “8f90f109-0c7b-4caa-9620-50b7d36bd463”,
“name”: “Default Policy”,
“description”: “A policy that grants access only for users within this realm”,
“type”: “js”,
“logic”: “POSITIVE”,
“decisionStrategy”: “AFFIRMATIVE”,
“config”: {
“code”: “// by default, grants any permission associated with this policy\n$evaluation.grant();\n”
}
},
{
“id”: “c4ce02d8-cb2d-479f-ad22-82f092535b1b”,
“name”: “PolicyA”,
“type”: “user”,
“logic”: “POSITIVE”,
“decisionStrategy”: “UNANIMOUS”,
“config”: {
“users”: “["UserA"]”
}
},
{
“id”: “29f9ae37-afa9-4a98-864f-bc9f8dd7a783”,
“name”: “PermissionA”,
“type”: “resource”,
“logic”: “POSITIVE”,
“decisionStrategy”: “AFFIRMATIVE”,
“config”: {
“resources”: “["ResourceA"]”,
“applyPolicies”: “["PolicyA"]”
}
},
{
“id”: “3b71972f-3754-464d-99b6-f5c11e5962cc”,
“name”: “PermissionB”,
“type”: “resource”,
“logic”: “POSITIVE”,
“decisionStrategy”: “AFFIRMATIVE”,
“config”: {
“resources”: “["ResourceB"]”,
“applyPolicies”: “["PolicyB"]”
}
},
{
“id”: “3f21cf9d-f0b4-4b54-a3b9-5cbc4c1f060c”,
“name”: “Default Permission”,
“description”: “A permission that applies to the default resource type”,
“type”: “resource”,
“logic”: “POSITIVE”,
“decisionStrategy”: “AFFIRMATIVE”,
“config”: {
“defaultResourceType”: “urn:employee-rest-api:resources:default”,
“applyPolicies”: “["Default Policy"]”
}
}
],
“scopes”: [
{
“id”: “c14170f6-0ef7-416e-bde8-c394f6f3ed13”,
“name”: “urn:generic-rest-api:scopes:employees:attribute:admindescription:view”
},
{
“id”: “1d88b211-7961-4a2b-bfae-696566366f1f”,
“name”: “urn:generic-rest-api:scopes:employees:attribute:adusertype:view”
},
{
“id”: “bfa6a52a-46de-4e86-8c72-4ea738752cd0”,
“name”: “urn:generic-rest-api:scopes:employees:attribute:accessRole:view”
},
{
“id”: “f646b5af-bcc4-42a5-b135-de5d0c78ac5b”,
“name”: “urn:generic-rest-api:scopes:employees:attribute:address:view”
},
{
“id”: “50286c2a-b0b4-423b-ac99-9b7b64bdebee”,
“name”: “urn:generic-rest-api:scopes:employees:attribute:authorizedAmount:view”
},
{
“id”: “08140d1b-1c51-4563-96c4-4f6a628e9933”,
“name”: “urn:generic-rest-api:scopes:employees:attribute:companyid:view”
}
],
“decisionStrategy”: “UNANIMOUS”
}