Authorize By Role

Use the Authorize By Role policy to authorize a request based on a role associated with the client. Unauthorized requests are rejected with a '403 Forbidden' error.

Policy Execution Order

This Authorize By Role policy executes after the request has been authenticated.

Expression Enabled Fields in API Policies

All expression enabled fields take expressions from the SnapLogic Expression Language and the API Policy Manager functions.

Parameter Name: Label
Description: Required. The name for the API policy.
Default Value: Authorize By Role
Example: Task authorize by role

Parameter Name: When this policy should be applied
Description: An expression enabled field that determines the condition to be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is a POST.
Default Value: True
Example: request.method == "POST"

Parameter Name: Roles
Description: The list of role names that should be authorized to access tasks. If the client is in any of these roles, the request is allowed to continue.
Default Value: N/A
Example: N/A

The name of the role that should be allowed access.

An expression that checks additional conditions that must be true before the request will be authorized.
Default Value: N/A
Example: request.method matches "HEAD"|"GET"

Indicates whether the API policy is enabled or disabled.
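
The decision flow described by the fields above, as an added JavaScript model that is not SnapLogic code. The function name evaluateAuthorizeByRole, the client.roles field and the role names are hypothetical, expressions are modelled as predicates, and it assumes each Roles entry pairs a role name with an optional condition.

```javascript
"use strict";
// Added illustration of the decision flow described above; not SnapLogic code.
// evaluateAuthorizeByRole, client.roles and the role names are hypothetical.

// Expression-enabled fields are modelled as JavaScript predicates over the request.
const policy = {
  label: "Task authorize by role",
  enabled: true,
  when: (request) => request.method !== "OPTIONS", // constructed "applied when" expression
  roles: [
    // Assumption: each Roles entry pairs a role name with an optional condition.
    { role: "analyst", condition: (request) => /^(HEAD|GET)$/.test(request.method) },
    { role: "admin" }, // no condition: any method
  ],
};

function evaluateAuthorizeByRole(policy, request, client) {
  // A disabled policy, or one whose "when" expression is false, makes no decision.
  if (!policy.enabled || !policy.when(request)) {
    return { decision: "skipped", status: null };
  }
  const clientRoles = new Set(client.roles || []);
  // Membership in any listed role is enough, provided that entry's condition holds.
  for (const entry of policy.roles) {
    if (!clientRoles.has(entry.role)) continue;
    if (entry.condition === undefined || entry.condition(request) === true) {
      return { decision: "allow", status: null, role: entry.role };
    }
  }
  // No listed role matched, or every matching role's condition was false.
  return { decision: "reject", status: 403 };
}

// Constructed requests and clients, one per outcome.
const samples = [
  [{ method: "GET" }, { roles: ["analyst"] }],
  [{ method: "POST" }, { roles: ["analyst"] }],
  [{ method: "POST" }, { roles: ["analyst", "admin"] }],
  [{ method: "GET" }, { roles: ["guest"] }],
  [{ method: "OPTIONS" }, { roles: ["guest"] }],
];
for (const [request, client] of samples) {
  const result = evaluateAuthorizeByRole(policy, request, client);
  console.log(request.method, client.roles.join(","), JSON.stringify(result));
}
```

In this model a "skipped" result means the policy made no decision, so a narrow "When this policy should be applied" expression leaves every other request to whatever policies remain.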