aam authorization policy

Authorization-policy configuration

policy Specification

Type Collection
Object Key(s) name
Collection Name policy-list
Collection URI /axapi/v3/aam/authorization/policy/
Element Name policy
Element URI /axapi/v3/aam/authorization/policy/{name}
Element Attributes policy_attributes
Schema policy schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/aam/authorization/policy/

policy Attributes

Create List

POST

/axapi/v3/aam/authorization/policy/

policy Attributes

Get Object

GET

/axapi/v3/aam/authorization/policy/{name}

policy Attributes

Get List

GET

/axapi/v3/aam/authorization/policy/

policy-list

Modify Object

POST

/axapi/v3/aam/authorization/policy/{name}

policy Attributes

Replace Object

PUT

/axapi/v3/aam/authorization/policy/{name}

policy Attributes

Replace List

PUT

/axapi/v3/aam/authorization/policy/

policy-list

Delete Object

DELETE

/axapi/v3/aam/authorization/policy/{name}

policy Attributes

policy-list

policy-list is JSON List of policy Attributes

policy-list : [

policy Attributes

attribute-list

Description: attribute-list is a JSON List . Please see below for attribute-list

Type: List

Reference Object: /axapi/v3/aam/authorization/policy/{name}/attribute/{attr-num}

attribute-rule

Description: Define attribute rule for authorization policy

Type: string

Format: string-rlx

name

Description: Specify authorization policy name

Type: string

Required: Yes

server

Description: Specify a LDAP or RADIUS server for authorization (Specify a LDAP or RADIUS server name)

Type: string

Format: string-rlx

Mutual Exclusion: server and service-group are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/server/ldap/instance

service-group

Description: Specify an authentication service group for authorization (Specify authentication service group name)

Type: string

Format: string-rlx

Mutual Exclusion: service-group and server are mutually exclusive

Reference Object: /axapi/v3/aam/authentication/service-group

user-tag

Description: Customized tag

Type: string

Format: string-rlx

uuid

Description: uuid of the object

Type: string

attribute-list

Specification
Type list
Block object keys

A10-AX-AUTH-URI

Description: Custom-defined attribute

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: A10-AX-AUTH-URI and attribute-name are mutually exclusive

a10-dynamic-defined

Description: The value of this attribute will depend on AX configuration instead of user configuration

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

attr-int

Description: ‘equal’: Operation type is equal; ‘not-equal’: Operation type is not equal; ‘less-than’: Operation type is less-than; ‘more-than’: Operation type is more-than; ‘less-than-equal-to’: Operation type is less-than-equal-to; ‘more-than-equal-to’: Operation type is more-thatn-equal-to;

Type: string

Supported Values: equal, not-equal, less-than, more-than, less-than-equal-to, more-than-equal-to

attr-int-val

Description: Set attribute value

Type: number

Range: 0-4294967295

attr-ip

Description: ‘equal’: Operation type is equal; ‘not-equal’: Operation type is not-equal;

Type: string

Supported Values: equal, not-equal

attr-ipv4

Description: IPv4 address

Type: string

Format: ipv4-address

attr-num

Description: Set attribute ID for authorization policy

Type: number

Range: 1-32

attr-str

Description: ‘match’: Operation type is match; ‘sub-string’: Operation type is sub-string;

Type: string

Supported Values: match, sub-string

attr-str-val

Description: Set attribute value

Type: string

Format: string-rlx

attr-type

Description: Specify attribute type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

attribute-name

Description: Specify attribute name

Type: string

Mutual Exclusion: attribute-name and A10-AX-AUTH-URI are mutually exclusive

custom-attr-str

Description: ‘match’: Operation type is match; ‘sub-string’: Operation type is sub-string;

Type: string

Supported Values: match, sub-string

custom-attr-type

Description: Specify attribute type

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

integer-type

Description: Attribute type is integer

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: integer-type string-type and ip-type are mutually exclusive

ip-type

Description: IP address is transformed into network byte order

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: ip-type string-type and integer-type are mutually exclusive

string-type

Description: Attribute type is string

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: string-type integer-type and ip-type are mutually exclusive

uuid

Description: uuid of the object

Type: string