Conditions of application of the policies


#1

I have a question about the application of the policies.
I have created a policy that allows the assignment of tokens to the users that belong to a certain resolver, but it applies to all those that are validated in the system and not only to those of the resolver.
What options do I have to put in the definition of the policy?
Do I have to also put the domain to which it belongs?
So far I have only put the condition in the resolver.


#2

The user policy (assign) is governed by the check_base_action decorator. This only honours the resolver from the parameter list.

So: It works as programmed! (You see I am neither using “designed” nor “intended”!) :wink:


#3

I do not know what is happening or what I am doing wrong, but the “Estudiantes” policy applies to all users of the system, whereas I wanted it to apply only to the users who have accessed the system according to the “PRUEBAS-ESTUDIANTES” resolver. In this policy I allow the users of the “PRUEBAS-ESTUDIANTES” resolver the token assignment by SMS. In the policy “AccesoUsuarios” I allow the TOTP and HOTP token without domain restriction or resolver. But both policies apply to all users who access the system. I have tried to add options to the policies, and the changes are correctly reflected when users log in again, but I cannot restrict the application of the policy to a specific resolver.