Policies

Policies can be defined in a namespace, and referenced as part of a policy set.

In the example below GeneralAccess is being referenced in Finance and HR policy sets.

namespace AcmeCorp 
{
    import Oasis.Attributes

    // Employees have 24/7 access contractors only 08:00 until 18:00
    policy GeneralAccess 
    {
        apply firstApplicable

        rule 
        {
            target clause Subject.Role == "contractor"
            condition
             CurrentTime < "08:00:00":time and
             CurrentTime > "18:00:00":time 

            deny
        }

         rule {
            condition not (Subject.Role == "employee")
            deny
        }
    }

    policyset Finance
    {
        apply denyOverrides

        policy GeneralAccess
        policy PurchaseOrders
        policy Invoicing
    }

    policyset HumanResources
    {
        apply denyOverrides

        policy GeneralAccess
        policy HolidayApprovals
        policy Hires
    }
}