Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
Policy advice that specifies the attributes that may be modified or created by a JSON request body for POST, PUT, or PATCH.
The payload for this advice is a JSON array of strings. Each string is interpreted as the name of a resource attribute that the client is allowed to modify, create, or delete. If the client request contains changes for any attribute not named by this advice, the request will be denied with a 403 Forbidden response. If multiple instances of Allow Attributes Advice are returned from policy, they are combined such that the union of all attributes named are allowed. The wild card string "*", if present in the array, indicates that any attributes may be modified by the request, and will override any other paths present in the policy result.
↓Parent Component
↓Properties
↓dsconfig Usage
The Allow Attributes Advice component inherits from the Advice
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ advice-id | None |
| ↓ decision-type | |
| ↓ evaluation-order-index |
| Description | A unique identifier for the advice type. This ID must match the "code" string returned from a policy decision request. |
| Default Value | allow-attributes |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | A value indicating to what type of decisions this advice should be applied. |
| Default Value | PERMIT DENY |
| Allowed Values | PERMIT - Only applied to PERMIT decisions. DENY - Only applied to DENY decisions. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
evaluation-order-index (Read-Only)
| Description | If multiple Allow Attributes Advice are returned from a single policy request, then this property governs the order in which the Allow Attributes Advice will be processed by the Policy Enforcement Point. Obligatory Allow Attributes Advice are processed first. Within the set of obligatory or non-obligatory Allow Attributes Advice, those with a smaller evaluation-order-index will be evaluated first. If multiple Allow Attributes Advice have the same evaluation-order-index, then their order of evaluation is indeterminate. |
| Default Value | 20 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Advice:
dsconfig list-advice
[--property {propertyName}] ...
To view the configuration for an existing Advice:
dsconfig get-advice-prop
--advice-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Advice:
dsconfig set-advice-prop
--advice-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Allow Attributes Advice:
dsconfig create-advice
--advice-name {name}
--type allow-attributes
[--set {propertyName}:{propertyValue}] ...
To delete an existing Advice:
dsconfig delete-advice
--advice-name {name}