{% hint style="info" %} Not available in Community Edition. {% endhint %}
Claims-based authorization allows for even more control of which users have access to which results. You can create a new claim policy with the New-UDAuthorizationPolicy cmdlet.
Policies are provided to the New-UDLoginPage cmdlet and can be assigned to resources by name.
For example, you could create a policy to check to see if the user is part of a group. The user is a ClaimsPrinciple object.
$AuthorizationPolicy = New-UDAuthorizationPolicy -Name "Policy" -Endpoint {
param($User)
$User.HasClaim("group", "administrator")
}
You could then assign the policy to a page. The policy would be evaluated when the user was loading the page.
New-UDPage -Name "Settings" -Content {
New-UDHeading -Text "Settings"
} -AuthorizationPolicy "Policy"
This works well with authentication methods that provide claims, like Azure Active Directory. You can then manage your users claims, like group membership, from within Azure rather than changing the code of your dashboard.
You can use the Get-UDAuthorizationPolicy cmdlet to return the list of policies that a user has been granted.
New-UDCard -Title "Authorized Card" -Endpoint {
$Policies = Get-UDAuthorizationPolicy
if ($Policies -contains "Admin")
{
New-UDHeading -Text "You are an Admin"
}
}