Login to IS and go to PEP > TryIt
Lets look at the picture above and understand the input values for xacml request.
Here we are using the TryIt tool as the Policy Enforcement Point in XACML engine.
We are trying to send the request and enforce the policy and get the policy decision from PEP.
Lets fill out the input values as follows in the tool :-
1) Resource - the service name you have given in the policy
2) Subject Name :- the user trying to access . Here, we are sending the user id of the user, where the policy send the request to PIP to get the user informaiton
3) Action - We are mentioning the action of the user in this case is READ
4) Environment Name - since we haven't mentioned any in the policy , we do not have to input it here
Now lets look at the Request created by the TryIt tool. Click on the Create Request button.
The request is created with the values we have filled out.
Now lets Evaluate with PDP to get the decision. Click on Evaluate with PDP button.
You can see the decision is Permit.
You can go back and try to evaluate with different input values and see the decision of the PDP.
The policy only permits when user id 124 trying to READ.
Thank you and see you all soon :)
No comments:
Post a Comment