I’m looking for advice on what I’m doing wrong regarding the usage of uma-policies.
I’ve set up a very simple policy on my resource that I would expect to evaluate to “deny to users in these groups”:
[
{
“id”:“8a828ce7-b095-4f47-8aca-82e63e407e6a”,
“name”:“pk_1_ash_test_1_not_groups”,
“description”:“users not in these groups”,
“type”:“uma”,
“scopes”:[“view”],
“logic”:“NEGATIVE”,
“decisionStrategy”:“AFFIRMATIVE”,
“owner”:“7eb2166b-37f8-493e-9e46-deb52bc85307”,
“groups”:[“/pk_1_1”]
}
]
Evaluation of this policy gives the opposite of what i’d expect.
I attempted to upload a second screenshot of the groups the user is a member of (/pk_1_1), but because i’m a new member it won’t let me.
If the user was in “pk_1_1” group, would this policy not DENY for the user?
