You are hereAttribute Based Access Control/SPM / ABAC Target

ABAC Target

A Target defines the subjects, objects, operations, and times for which a Policy, Policy Set, or Rule is applicable. Specifically, it defines a set of subjects, resources, actions, and environments for which the parent Policy Set, Policy, or Rule element will be used in fulfilling a decision request. If the current context does not match the target then the element will not be used in satisfying the decision request.


The Target is used to define subjects, resources, actions, and environment that may be easily indexed. This allows indexes to be built that provide fast matching between a decision request and associated policy. The method of specifying the matching set of attributes is therefore restricted to simplistic comparisons. The set of functions that may be used within a Target are known as matching functions and are a subset of the total set of functions provided by the RXSML language. Valid matching functions are:

  • equal
  • not-equal
  • greater-than
  • greater-than-or-equal
  • less-than
  • less-than-or-equal
  • regexp-match
  • dnsName-match
  • ipAddress-match