As of Enforcer version 4.0.0, rules can be shared across policies. This removes the need to reuse rules by creating policies with just one rule or a fragile hierarchy of policies.
Example
The rule DenyOutOfHours is shared by the policies PrivateCarParkAccess and PublicCarParkAccess.
// Door-access policies for AcmeCorp car parks. Demonstrates one rule
// (DenyOutOfHours) declared once at namespace level and referenced by name
// from two policies.
namespace AcmeCorp.DoorPolicy {
import Oasis.Functions.*
import Oasis.Attributes.*
// Root policy set; its children are combined with firstApplicable.
// NOTE(review): how the policies below are attached to this set is not shown
// in this listing - confirm against the Enforcer documentation.
policyset global {
apply firstApplicable
}
// Boolean resource-category attribute read by HasParkingPermit.
// NOTE(review): the decision depends directly on this value, so confirm it is
// resolved from a trusted attribute source and not accepted as sent by the caller.
attribute ParkingPermit { type=boolean category=resourceCat}
// Shared rule: returns Deny when CurrentTime is outside the half-open window
// 08:00:00 (inclusive) to 18:00:00 (exclusive).
// NOTE(review): the time literals carry no zone offset - confirm which timezone
// CurrentTime is evaluated in, otherwise the window may shift from what is intended.
rule DenyOutOfHours {
condition not (CurrentTime >= "08:00:00":time &&
CurrentTime < "18:00:00":time)
deny
}
// Applies to Enter requests on PrivateCarPark. With denyOverrides, a Deny from
// DenyOutOfHours takes precedence over a Permit from HasParkingPermit, so a
// permit holder is still refused outside the time window.
policy PrivateCarParkAccess
{
target clause Resource=="PrivateCarPark" and Action=="Enter"
apply denyOverrides
// Reference to the shared namespace-level rule (no body here).
rule DenyOutOfHours
// Inline rule: returns Permit when ParkingPermit is true.
// NOTE(review): confirm how a missing ParkingPermit value is evaluated, and
// that the enforcement point refuses entry on any decision other than Permit.
rule HasParkingPermit {
condition ParkingPermit
permit
}
}
// Applies to Enter requests on PublicCarPark and contains only the shared deny
// rule. No rule in this policy returns Permit.
// NOTE(review): inside the time window this policy presumably evaluates to
// NotApplicable rather than Permit - verify that the enforcement point's
// handling of that outcome matches the intended "open during hours" behaviour.
policy PublicCarParkAccess
{
target clause Resource=="PublicCarPark" and Action=="Enter"
apply denyOverrides
rule DenyOutOfHours
}
}