- What's New
- Service Overview
- Getting Started
- User Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Instance Management
- Access Control Attribute Management
-
Permission Set Management
- Adding a System-defined Identity Policy
- Deleting a Permission Set
- Querying Permission Set Details
- Updating a Permission Set
- Deleting a System-defined Identity Policy
- Querying Details About a Custom Identity Policy
- Adding a Custom Identity Policy
- Deleting a Custom Identity Policy
- Listing Accounts Associated with a Permission Set
- Listing System-defined Identity Policies
- Listing Pre-provisioning Statuses of Permission Sets
- Listing Permission Sets
- Creating a Permission Set
- Listing Permission Sets Provisioned to an Account
- Pre-provisioning a Permission Set
- Querying Pre-attachment Status Details of a Permission Set
- Adding a System-defined Policy
- Deleting a System-defined Policy
- Listing System-defined Policies
-
Account Assignment Management
- Removing Account Assignments
- Querying Details about the Account Assignment Creation Status
- Listing Account Assignment Creation Statuses
- Listing Account Assignment Deletion Statuses
- Listing Users or Groups Associated with an Account and a Permission Set
- Creating Account Assignments
- Querying Details about the Account Assignment Deletion Status
- Tag Management
- User Management
- Group Management
- Group Membership Management
- SCIM User Management
- SCIM Group Management
- Service Provider (SP) Management
- Client Management
- Token Management
- Device Authorization Management
- Authorization Management
- Account Management
- Agency Management
- Credentials Management
- Appendixes
- Change History
- General Reference
Show all
Copied.
Supported User Attributes
You can choose IAM Identity Center or an external identity provider as your identity source. The following table lists the user attributes that support ABAC for the two identity sources. These user attributes can be selected during the configuration of access control attributes. These attribute values include basic information, contact information, work-related information, and address information of users. You can select these user attributes and assign attribute keys to them for access control decisions when performing ABAC.
If you use an external identity provider as the identity source, you can configure user attributes for performing ABAC in both IAM Identity Center and the external identity provider. If the ABAC attribute keys configured in IAM Identity Center are the same as those configured in the external identity provider, the former is preferentially used for access control decisions.
Identity Source |
User Attribute |
---|---|
IAM Identity Center |
${user:email} |
${user:familyName} |
|
${user:givenName} |
|
${user:middleName} |
|
${user:name} |
|
${user:displayName} |
|
External identity provider |
${path:userName} |
${path:name.familyName} |
|
${path:name.givenName} |
|
${path:displayName} |
|
${path:nickName} |
|
${path:emails[primary eq true].value} |
|
${path:addresses[type eq "work"].streetAddress} |
|
${path:addresses[type eq "work"].locality} |
|
${path:addresses[type eq "work"].region} |
|
${path:addresses[type eq "work"].postalCode} |
|
${path:addresses[type eq "work"].country} |
|
${path:addresses[type eq "work"].formatted} |
|
${path:phoneNumbers[type eq "work"].value} |
|
${path:userType} |
|
${path:title} |
|
${path:locale} |
|
${path:timezone} |
|
${path:enterprise.employeeNumber} |
|
${path:enterprise.costCenter} |
|
${path:enterprise.organization} |
|
${path:enterprise.division} |
|
${path:enterprise.department} |
|
${path:enterprise.manager.value} |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot