Skip to main content

XACML policies

For its Authorization feature, Talend ESB is using three types of XACML policies: the Role Policies, the Permission Assignment Policies, and the Permission Policies. Their role can be summarized as follows:

  1. A PDP receives a request from a PEP, which contains the resource, action, role, date, and some other optional data.

  2. The PDP first goes through the Role Policies it has to try to match the given role name.

  3. If it finds a match, then it finds the Permission Policies that are referenced via the Permission Assignment Policy associated with the Role Policy.

  4. It matches these policies against the request: the resource and the action name.

  5. If they all match then the authorization decision is "permit".

    Otherwise, it is "deny" or "indeterminate".

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!