Attributes may contain 0 to many values, known as a bag. When using operators or functions that can only take a single value, the policy author may write less-than-ideal code.
Define the attribute with a must-have cardinality of 1.
attribute single netTotal { type=double category=resourceCat }
This attribute can then be used with operators that take a single value or a bag of values (implicitly converted to a bag of 1). If the attribute has zero values, return an indeterminate decision.
Attributes may contain 0 to many values, known as a bag. When using operators or functions that can only take a single value, the policy author may write less-than-ideal code.
Ideally, the author would like to write.
Suggestions
Attributes defined as single value
Define the attribute with a must-have cardinality of 1.
This attribute can then be used with operators that take a single value or a bag of values (implicitly converted to a bag of 1). If the attribute has zero values, return an indeterminate decision.