Aserto · Example Payload

Aserto Authorizer Examples

AuthorizationFine-Grained Access ControlRBACABACReBACPolicyOpen Policy AgentOPACloud-NativeSecurity

Aserto Authorizer Examples is an example object payload from Aserto, with 4 top-level fields. It illustrates the shape of data this provider's APIs accept or return.

Top-level fields

is_requestis_responsequery_requestdecisiontree_request

Example Payload

Raw ↑ 
{
  "is_request": {
    "summary": "Check if a user is allowed to perform an action",
    "value": {
      "identity_context": {
        "identity": "user@example.com",
        "type": "IDENTITY_TYPE_SUB"
      },
      "policy_context": {
        "path": "peoplefinder.GET.api.users.__id",
        "decisions": ["allowed"]
      },
      "policy_instance": {
        "name": "peoplefinder",
        "instance_label": "peoplefinder"
      },
      "resource_context": {
        "id": "user-123"
      }
    }
  },
  "is_response": {
    "summary": "Authorization decision response",
    "value": {
      "decisions": [
        {
          "decision": "allowed",
          "is": true
        }
      ]
    }
  },
  "query_request": {
    "summary": "Execute an arbitrary OPA query",
    "value": {
      "identity_context": {
        "identity": "user@example.com",
        "type": "IDENTITY_TYPE_SUB"
      },
      "policy_context": {
        "path": "peoplefinder",
        "decisions": ["allowed"]
      },
      "query": "x = data.peoplefinder.allowed",
      "input": "{\"resource\":{\"id\":\"user-123\"}}"
    }
  },
  "decisiontree_request": {
    "summary": "Get all decisions for a policy package",
    "value": {
      "identity_context": {
        "identity": "user@example.com",
        "type": "IDENTITY_TYPE_SUB"
      },
      "policy_context": {
        "path": "peoplefinder",
        "decisions": ["allowed", "visible"]
      },
      "resource_context": {}
    }
  }
}