authelia/docs/content/reference/guides/rule-operators.md

3.6 KiB

title description summary date draft images weight toc seo
Access Control Rule Guide A reference guide on access control rule operators This section contains a reference guide on access control rule operators. 2022-10-19T14:09:22+11:00 false
220 true
title description canonical noindex
false

Operators

Rule operators are effectively words which alter the behavior of particular access control rules. The following table is a guide on their use.

Operator Effect
equal Matches when the item value is equal to the provided value
not equal Matches when the item value is not equal to the provided value
present Matches when the item is present with any value
absent Matches when the item is not present at all
pattern Matches when the item matches the regex pattern
not pattern Matches when the item doesn't match the regex pattern

Multi-level Logical Criteria

Criteria which is described as multi-level logical criteria indicates that it is a list of lists. The first level i.e. the list least indented to the right will be referred to the OR-list, and the list most indented to the right will be referred to the AND-list.

The OR-list matches if any of the criteria from it's AND-list's matches; in other words, a logical OR. The AND-list matches if all of it's criteria matches the given request; in other words, a logical AND.

In addition to these rules, if the AND-list only needs one item, it can be represented without the second level.

Examples

List of Lists

The following examples show various abstract examples to express a rule that matches either c, or a AND b; i.e (a AND b) OR (c). In relation to access control rules all of these should be treated the same. This format should not be used for the configuration item type list(list(object)), see List of List Objects instead.

Fully Expressed
rule:
  - - 'a'
    - 'b'
  - - 'c'
Omitted Level
rule:
  - - 'a'
    - 'b'
  - 'c'
Compact
rule:
  - ['a', 'b']
  - ['c']
Compact with Omitted Level
rule:
  - ['a', 'b']
  - 'c'
Super Compact
rule: [['a', 'b'], ['c']]

List of List Objects

The following examples show various abstract examples that mirror the above rules however the AND-list is a list of objects where the key is named value. This format should only be used for the configuration item type list(list(object)), see List of Lists if you're not looking for a list(list(object))

Fully Expressed
rule:
  - - value: 'a'
    - value: 'b'
  - - value: 'c'
Omitted Level
rule:
  - - 'a'
    - 'b'
  - value: 'c'
Compact
rule:
  - ['a', 'b']
  - ['c']
Compact with Omitted Level
rule:
  - ['a', 'b']
  - 'c'
Super Compact
rule: [['a', 'b'], ['c']]