Use the Authorize By Role policy to authorize a request based on a role associated with the client. Unauthorized requests are rejected with a '403 Forbidden' error.
Policy Execution Order
This Authorize By Role policy executes after the request has been authenticated.
Expression Enabled Fields in API Policies All expression enabled fields take expressions from the SnapLogic Expression Language and the API Policy Manager functions.
| Parameter Name | Description | Default Value | Example |
|---|---|---|---|
| Label | Required. The name for the API policy. | Authorize By Role | Task authorize by role |
| When this policy should be applied | An expression enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST. | True | request.method == "POST" |
| Roles | The list of role names that should be authorized to access tasks. If the client is in any of these roles, the request is allowed to continue. | N/A | N/A |
| Role | The name of the role that should be allowed access. | N/A | anonymous |
| Condition | An expression that checks additional conditions that must be true before the request will be authorized. | N/A | request.method matches “HEAD”|”GET” |
| Status | Indicates whether the API policy is enabled or disabled. | Enabled | Disabled |