My scenario is I have a Policy with several rules and all the rules need to be true for the policy to be true. For example:
Policy A
- Rule 1
- Rule 2
- Rule 3
For Policy A
to be applicable, i need all three Rules to return true, and if even one of them return false, It should go check the other policies in my policyset
What i have right now is
<!-- shortened for brevity -->
<Policy RuleCombiningAlgId="...:deny-overrides">
<Rule id="1" Effect="Permit">
...
</Rule>
<Rule id="2" Effect="Permit">
...
</Rule>
<Rule id="3" Effect="Permit">
...
</Rule>
</Policy>
I think my problem is that the none of my rules return "Deny" but i initially thought that if it's not permit, it should be deny. I thought of putting a not on all of my rules but that would make it inelegant.
If it's relevant, I am using the Authzforce library.