Class PerunPolicy


public class PerunPolicy extends Object
PerunPolicy represents a set of rules which is used to determine principal's access rights.

policyName is policy's unique identification which is used in the configuration file perun-roles.yml perunRoles is a list of maps where each map entry consists from a role name as a key and a role object as a value. Relation between each map in the list is logical OR and relation between each entry in the map is logical AND. Example list - (Map1, Map2...) Example map - key: VOADMIN ; value: Vo key: GROUPADMIN ; value: Group includePolicies is a list of policies names whose rules will be also included in the authorization. mfaRules is a list of maps where each map entry consists from the key 'MFA' and the value is either null or an object. If the value is null, the whole operation is considered as critical (thus requires MFA), however if an object is assigned, the operation is critical only if the object is critical as well.