Sun IDM 8.1: Rules

 

Overview

What Is a Rule

* A rule is similar to a Java method:
– can take input parameters
– can return a value
* A rule can be written in the following languages:
– XPRESS
– XML Object
– JavaScript
* A rule can also reference and modify variables maintained by a form or workflow.
– You can use localScope='true' to disallow this behavior.
* A rule can be referenced wherever XPRESS is allowed:
– Forms
– Workflows
– Roles: Use a role-assignment rule to dynamically assign owners and approvers to a role.
– Active Sync: Use Process or Correction rules to control what happens when an Active Sync-enabled adapter detects changes to a resource account.
– Reconciliation: Use special rule subtypes (such as confirmation and correlation rules) during reconciliation.
* For modularization, multiple rules can be organized into a Rule Library, which is a single XML configuration object.

Returning Static Values

* You can use XML Object syntax:

<Rule name='UnixHostList'>
	<List>
		<String>aas</String>
		<String>ablox</String>
		<String>aboupdt</String>
	</List>
</Rule>

Referencing Variables

* Use the <ref> expression:

<Rule name='Build Email'> 
   <concat> 
      <substr> 
         <ref>global.firstname</ref> 
         <i>0</i> 
         <i>1</i> 
      </substr> 
      <ref>global.lastname</ref> 
      <s>@example.com</s> 
   </concat> 
</Rule>

Declare Rule Arguments

* Rule arguments:
– promote reuse
– help rule development
* Use <RuleArgument> to declare rule arguments:
– Use the value attribute to specify a default value.

<Rule name='description'> 
   <RuleArgument name='UserId'/> 
   <RuleArgument name='location' value='Austin'/> 
   <concat> 
      <ref>UserId</ref> 
      <s>@</s> 
      <ref>location</ref> 
   </concat> 
</Rule>

* Pass in rule argument values:

<rule name='description'> 
   <argument name='UserId' value='$(waveset.accountId)'/> 
   <argument name='location' value='global.location'/> 
</rule>

* You can lock an argument's default value with the locked attribute:

<RuleArgument name='domain' value='example.com' locked='true'> 
  <Comments>The corporate domain name</Comments> 
</RuleArgument>

Assign Values to External Variables in Rules

* This is similar to assigning values to class variables in a Java class.
* You can use the following expressions to assign values:
– <setvar>
– <setlist>
– <putmap>

Wrap JavaScript in Rules

<Rule name='Build Email'> 
   <script>
      var firstname = env.get('firstname');
      var lastname = env.get('lastname');
      var email = firstname.substring(0, 1) + lastname + "@example.com";
      email;
   </script>
</Rule>

Referencing Rules

Basic Syntax

* Examples:

<rule name='Build Email'/>
 
<rule name='getEmployeeId'>
    <argument name='accountId' value='jsmith'/>
</rule>
 
<rule name='getEmployeeId'>
    <argument name='accountId'>
       <ref>user.waveset.accountId</ref>
    </argument>
</rule>
 
<rule name='getEmployeeId'>
    <argument name='accountId' value='$(user.waveset.accountId)'/>
</rule>

Invoking Rules in a Library

* Prefix the rule name with the rule library name and a colon:

<rule name='Account ID Rules:First Dot Last'/>

Ensure Explicit Rule Arguments

* Use localScope='true' so that a rule can reference only values that are passed in explicitly as arguments:

<Rule name='generateEmail' localScope='true'> 
   <RuleArgument name='firstname'> 
      <Comments>The first name of a user</Comments> 
   </RuleArgument> 
   <RuleArgument name='lastname'> 
      <Comments>The last name of a user</Comments> 
   </RuleArgument> 
   <RuleArgument name='domain' value='example.com'> 
      <Comments>The corporate domain name</Comments> 
   </RuleArgument> 
   <concat> 
      <ref>firstname</ref> 
      <s>.</s>
      <ref>lastname</ref> 
      <s>@</s> 
      <ref>domain</ref> 
   </concat> 
</Rule>

Secure Rules

Put Rules in an Appropriate Org

Use Authorization Types to Secure Rules

* Define a new authorization type in the AuthorizationTypes configuration object, e.g.

<AuthType name='Marketing Rule' extends='Rule'/>

* Define a new AdminGroup Capability Definition:

<AdminGroup name='Marketing Admin'>
  <Permissions>
    <Permission type='Marketing Rule' rights='View,List,Connect,Disconnect'/>
  </Permissions>
  <AdminGroups>
    <ObjectRef type='AdminGroup' id='#ID#Account Administrator'/>
  </AdminGroups>
</AdminGroup>

* Secure the rule with the authType attribute:

<Rule name='Competitive Analysis Info' authType='Marketing Rule'>
 ...
</Rule>
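
The three controls covered on this page (localScope, locked argument defaults and authType) can be checked across a set of rules before they are imported. The script below is an added example, not part of Identity Manager or the original post: it assumes the rules are available as an XML export, and the `<Rules>` wrapper, the sample rules and the finding labels are constructed for illustration. Because declaring arguments is treated here as a review convention, any `<ref>` name without a matching `<RuleArgument>` is reported for review rather than as an error.

```python
import xml.etree.ElementTree as ET

# Constructed sample export; the <Rules> wrapper and rule bodies are illustrative only.
SAMPLE = """<Rules>
  <Rule name='generateEmail' localScope='true' authType='Marketing Rule'>
    <RuleArgument name='firstname'/>
    <RuleArgument name='domain' value='example.com' locked='true'/>
    <concat><ref>firstname</ref><s>@</s><ref>domain</ref></concat>
  </Rule>
  <Rule name='Build Email'>
    <RuleArgument name='domain' value='example.com'/>
    <concat><ref>global.lastname</ref><s>@</s><ref>domain</ref></concat>
  </Rule>
  <Rule name='Scoped But Leaky' localScope='true'>
    <RuleArgument name='UserId'/>
    <concat><ref>UserId</ref><ref>global.location</ref></concat>
  </Rule>
</Rules>"""

def audit_rule(rule):
    """Return a list of review findings for one <Rule> element."""
    findings = []
    args = rule.findall("RuleArgument")
    declared = {a.get("name") for a in args}
    # Names read through <ref> that the rule never declares as arguments.
    external = sorted({r.text.strip() for r in rule.iter("ref")
                       if r.text and r.text.strip() not in declared})
    if rule.get("localScope") != "true":
        findings.append("localScope not set")
    if external:
        findings.append("undeclared refs: " + ", ".join(external))
    if not rule.get("authType"):
        findings.append("no authType")
    for a in args:
        # A default value without locked='true' is reported for review.
        if a.get("value") is not None and a.get("locked") != "true":
            findings.append("unlocked default: " + a.get("name"))
    return findings

def audit_export(xml_text):
    """Map each rule name in an exported XML document to its findings."""
    root = ET.fromstring(xml_text)
    return {r.get("name"): audit_rule(r) for r in root.iter("Rule")}

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE).items():
        print(name, "->", findings or "ok")
```

Rules written with `<script>` read variables through env.get rather than `<ref>`, so this check does not see those reads.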

Identity Manager Default Rules

* Identity Manager Rules
* Auditor Rules
* Audit Policy Rules
* Service Provider Rules

References

* Chapter 4 Working with Rules
