Use the Authorize By Role policy to authorize a request based on a role associated with the client. Unauthorized requests are rejected with a '403 Forbidden' error.
This Authorize By Role policy executes after the request has been authenticated.
Parameter Name | Description | Default Value | Example |
---|---|---|---|
Label | Required. The name for the API policy. | Authorize By Role | Task authorize by role |
When this policy should be applied | An expression-enabled field that determines the condition that must be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only when the request method is POST. | True | request.method == "POST" |
Roles | The list of role names that should be authorized to access tasks. If the client is in any of these roles, the request is allowed to continue. | N/A | N/A |
Role | The name of the role that should be allowed access. | N/A | anonymous |
Condition | An expression that checks additional conditions that must be true before the request will be authorized. | N/A | request.method matches "HEAD"\|"GET" |
Status | Indicates whether the API policy is enabled or disabled. | Enabled | Disabled |
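As an added illustration (not the product's own code), the decision logic the table describes, modelled in Python: the policy is skipped when disabled or when its "When this policy should be applied" expression is false, a client in any listed role whose per-role Condition holds is allowed to continue, and every other request gets 403 Forbidden. The conditions are Python callables standing in for the product's expression fields, and the role names and request paths are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Hypothetical model of the Authorize By Role policy; the product's expression
# language is replaced by plain callables, so no expression strings are eval'd.
Condition = Callable[[dict], bool]


@dataclass
class RoleRule:
    role: str
    condition: Optional[Condition] = None  # the per-role "Condition" field


@dataclass
class AuthorizeByRole:
    roles: list[RoleRule]                       # the "Roles" list
    applies_when: Condition = lambda req: True  # "When this policy should be applied"
    enabled: bool = True                        # "Status"

    def evaluate(self, request: dict, client_roles: set[str]) -> tuple[int, str]:
        """Return (status, reason); 200 means the request may continue."""
        if not self.enabled or not self.applies_when(request):
            return 200, "policy not applied"
        for rule in self.roles:
            if rule.role not in client_roles:
                continue
            if rule.condition is None or rule.condition(request):
                return 200, f"authorized via role {rule.role}"
        # Authenticated but in none of the permitted roles (or the role's
        # condition failed): reject, as the policy does.
        return 403, "Forbidden"


# Constructed policy: anonymous clients may only read tasks, task writers may
# do anything; the policy only applies to the task API.
policy = AuthorizeByRole(
    roles=[
        RoleRule("anonymous", condition=lambda r: r["method"] in ("HEAD", "GET")),
        RoleRule("task_writer"),
    ],
    applies_when=lambda r: r["path"].startswith("/api/task"),
)


def check(method: str, path: str, client_roles: set[str]) -> int:
    return policy.evaluate({"method": method, "path": path}, client_roles)[0]


if __name__ == "__main__":
    for args in [("GET", "/api/task", {"anonymous"}), ("POST", "/api/task", {"anonymous"})]:
        print(args, check(*args))
```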