Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
Advice that allows a policy writer to provide an error message containing the reason that a request has been denied.
↓Parent Component
↓Properties
↓dsconfig Usage
The Denied Reason Policy Advice component inherits from the Policy Advice
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ advice-id | None |
| ↓ evaluation-order-index | |
| ↓ error | |
| ↓ error-description | |
| ↓ status-code |
| Description | A unique identifier for the advice sub-type. |
| Default Value | request-denied-reason |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
evaluation-order-index (Read-Only)
| Description | If multiple Policy Advice are returned from a single policy request, then this property governs the order in which the Policy Advice will be processed by the Policy Enforcement Point. Policy Advice with a smaller value will be evaluated first. If multiple Policy Advice have the same evaluation-order-index, then their order of evaluation is indeterminate. |
| Default Value | 10 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | A JEXL expression that returns a short error code or message. |
| Default Value | None |
| Allowed Values | application/jexl |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | A JEXL expression that returns a more extensive error message, for example including information intended to assist the client developer in understanding the error that occurred. |
| Default Value | No error description is included in the response. |
| Allowed Values | application/jexl |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | A JEXL expression that specifies the integer HTTP status code to be returned to the client. |
| Default Value | 403 |
| Allowed Values | application/jexl |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Policy Advice:
dsconfig list-policy-advice
[--property {propertyName}] ...
To view the configuration for an existing Policy Advice:
dsconfig get-policy-advice-prop
--advice-name {name}
--rule-name {name}
--policy-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Policy Advice:
dsconfig set-policy-advice-prop
--advice-name {name}
--rule-name {name}
--policy-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Denied Reason Policy Advice:
dsconfig create-policy-advice
--advice-name {name}
--rule-name {name}
--policy-name {name}
--type denied-reason
--set error:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Policy Advice:
dsconfig delete-policy-advice
--advice-name {name}
--rule-name {name}
--policy-name {name}