The PingOne policy decision service provides an action for runtime evaluation of decision requests against a given policy decision resource.
| Property | Type? | Required? | Mutable? | Description |
|---|---|---|---|---|
parameters |
Object | Required | Mutable | An object that specifies the evaluation parameters required by the policy. |
userContext.environment.id |
UUID | Optional | Mutable | A string that specifies the environment’s unique identifier. |
userContext.user.id |
UUID | Optional | Mutable | A string that specifies the user’s unique identifier. |
| Property | Type? | Required? | Mutable? | Description |
|---|---|---|---|---|
authorizationVersion.id |
UUID | Optional | Mutable | A string that specifies the ID of the authorization version deployed to this endpoint. Versioning allows independent development and deployment of policies. If omitted, the endpoint always uses the latest policy version available from the policy editor service. |
id |
UUID | Required | Mutable | A string that specifies the resource’s unique identifier. |
correlationId |
UUID | Optional | Mutable | A string that specifies the decision evaluation correlation ID. |
decision |
String | Required | Mutable | A string that specifies the decision result. Options are PERMIT, DENY, NOT_APPLICABLE, and INDETERMINATE. |
elapsedMicroseconds |
Integer | Optional | Mutable | An integer that specifies the evaluation duration in microseconds. |
status.code |
String | Optional | Mutable | A string that specifies the status. Options are OKAY, MISSING_ATTRIBUTE, TYPE_CONVERSION_ERROR, PROCESSING_ERROR, and TIMEOUT. |
status.message |
String | Optional | Mutable | A string that specifies the description of the error. |
statements.id |
UUID | Required | Mutable | A string that specifies the statement’s unique identifier. |
statements.name |
String | Required | Mutable | A string that specifies the statement name. |
statements.code |
UUID | Optional | Mutable | A string that specifies the the statement code. Options are ANSWER. |
statements.payload |
Object | Optional | Mutable | An object that specifies statement payload. |
timestamp |
String | Optional | Mutable | A string that specifies the time the evaluation was executed. |
| Link | Description |
|---|---|
profile |
A string that specifies the URL for the decision request’s associated profile. |
authorizationVersion.href |
A string that specifies the URL for the authorization version endpoint. |
authorizationVersion.profile |
A string that specifies the URL for the authorization version profile. |
policy.href |
A string that specifies the URL for the policy endpoint. |
policy.profile |
A string that specifies the URL for the policy profile. |
statements.href |
A string that specifies the URL for the statements endpoint. |
statements.profile |
A string that specifies the URL for the statements profile. |
The audit reporting events applicable to the policy decision service are:
| Topic | Event |
|---|---|
decision-endpoints |
DECISION_ENDPOINT.DECISION_REQUEST_EVALUATED |
authorize-editor |
ENVIRONMENT.INITIALIZED |
The decision event format returned by a DECISION_ENDPOINT.DECISION_REQUEST_EVALUATED event uses terse keys to reduce storage requirements. The following table explains the meaning of each key returned in the decision event response.
| Key | Description |
|---|---|
enm |
The name of the endpoint against which the decision request was evaluated. |
eid |
The ID of the endpoint against which the decision request was evaluated. |
pid |
The ID of the PingOne Authorize Policy that was deployed to the endpoint at the time the decision request was evaluated. |
ver |
The ID of the version that was deployed to the endpoint at the time the decision request was evaluated. |
dec |
The overall decision produced. |
sce |
The JSON object describing the scenario (the decisions produced by individual policies and rules that contributed to the overall decision). |
sce.P |
The list of the IDs of the policies and rules that produced the decision PERMIT. |
sce.D |
The list of the IDs of the policies and rules that produced the decision DENY. |
sce.I |
The list of the IDs of the policies and rules that produced the decision INDETERMINATE. |
exe |
The time taken to evaluate the decision request (in microseconds). |
att |
The JSON array giving the names and values of PingOne Authorize Attributes that have been explicitly marked for logging. |
att.n |
The attribute name. |
att.v |
The attribute value. |
svc |
The JSON array giving the names and values of PingOne Authorize Services that were invoked as part of the decision request evaluation. |
svc.n |
The attribute name. |
svc.v |
The attribute value. |
| Code | Message |
|---|---|
| 200 | Successful operation. |
| 400 | The request could not be completed. |
| 401 | You do not have access to this resource. |
| 403 | You do not have permissions or are not licensed to make this request. |
| 404 | The requested resource was not found. |