Policy Custom Attributes
    • 30 Mar 2025
    • 2 Minutes to read
    • Dark
      Light
    • PDF

    Policy Custom Attributes

    • Dark
      Light
    • PDF

    Article summary

    Overview

    Policy Custom Attributes enhance management processes and improve visibility by allowing you to tailor metadata to your specific needs, leveraging the generic custom Attributes for greater flexibility. This feature enables users to define custom Attributes at the Environment level, supporting a more adaptive Policy experience. These Attributes are configured at the Environment level and are reflected in the UI, PDP, and Policy Code.

    Managing Policy Custom Attributes

    Creating Policy Custom Attributes

    To manage additional metadata for your Policy (optional), you first need to configure custom Attributes. You can create, update, or delete these Attributes directly from the Environment Settings. Custom Attributes can be managed both before and after a Policy is created, offering flexibility in their implementation.

    To create and manage Policy Custom Attributes:

    1. Click the three vertical dots next to your Environment name to open Environment Settings.
    2. In the Environment Settings screen, select Policy Custom Attributes.
    3. Click New Attribute.
    4. Input a Display Name. This is the name that appears in Policy Details.
    5. Input a Policy Custom Attribute ID. This ID is used in Policy Code and PDP.
    6. Specify the Attribute Type (String or Numeric).
    7. Enable or disable the Value List toggle. If enabled, the Attribute can be selected from a predefined list. If disabled, it allows free-text input.
    8. Define whether the Attribute is Required.
    9. Set a Default Value.
    10. Specify whether the Attribute can be updated.
    11. Set Attribute as Singular or Multi Value.
    12. Define the Maximum length (strings) or Maximum Value (numeric attributes).
    13. Enable or disable the Attribute for the PDP to determine if it is included in evaluation responses.
    14. Click Create to finalize the configuration.

    Policy Custom Attribute Display Order

    After creating Policy Custom Attributes, you can drag and drop Attributes to customize their order in the list to control the Attribute display order.

    Editing Policy Custom Attributes

    To ensure that your edits take effect in the Policy, the Policy itself needs to be edited and saved after saving the Policy Custom Attribute changes.

    To edit a Policy Custom Attribute:

    1. Click the three vertical dots next to your Environment name to open Environment Settings.
    2. In the Environment Settings screen, select Policy Custom Attributes.
    3. Click Edit.
    4. Modify the relevant fields.
    5. Click Save.

    Deleting Policy Custom Attributes

    Once a Policy Custom Attribute is deleted, the Attribute value is removed from all Policies.

    To delete a Policy Custom Attribute:

    1. Click the three vertical dots next to your Environment name to open Environment Settings.
    2. In the Environment Settings screen, select Policy Custom Attributes.
    3. Hover over the Policy Custom Attribute you wish to delete.
    4. Click the trash icon.
    5. A warning message appears. Click Delete to confirm.

    These Attributes are configured at the Environment level and are reflected in the UI, Policy Code, and PDP.

    Policy Authoring
    As part of the Policy Authoring experience, you can manage Custom Attributes (metadata) from the UI under the Policy Details section or the Policy Code in the customAttributes section, which contains the Attribute names and their defined values.

    Enriching the PDP
    When Attributes have been enabled for use in the PDP appear in the UI, they can be included in the PDP response by enabling includeAccessPolicy parameter in the code as well. This allows for the inclusion of permission metadata in the PDP response, providing insights into the applied Policies. Custom Attributes are also displayed in the Structured Rego Policy metadata section.

    See the relevant API for more information on permission metadata in the response.


    Was this article helpful?