When policy evaluation is requested via the polices endpoint and the resource exists in two policy sets, even though the application property defines one policy set, scripted environment conditions configured in both policy sets will run.
- Install AM with embedded stores.
- Create realm: myrealm
- Create POLICY_CONDITION script : scriptA (example attached)
- Create POLICY_CONDITION script : scriptB (example attached)
- Create resource type: MyResourceType with pattern: MyResource
- Create policy set: PolicySetA with policy:PolicyA, Resources: MyResource, Subjects: AuthenticatedUsers, Environments: scriptA
- Create policy set: PolicySetB with policy:PolicyB, Resources: MyResource, Subjects: AuthenticatedUsers, Environments: scriptB
- Add privilege 'Read and write access to all realm and policy properties' for user making request
- Enable message level debugging for the server
- Request policy evaluation specifying application property: PolicySetA and resource MyResource (example attached)
This issue does not occur in AM versions 6.x