Novell Home

Speed It Up with Policy Builder

Novell Cool Solutions: Tip

Digg This - Slashdot This

Posted: 11 Nov 2004
 

Thanks to Cool Solutions reader Geoffrey Carman for sending in this tip. No surprise - it pays to use Policy Builder in Nsure Identity Manager!


A recent Cool Solutions article (http://www.novell.com/coolsolutions/dirxml/features/tips/t_select_user_group_nim.html) offers a method of detecting Users with a specific Group membership. The example is in DirXML-style XML code.

Just for fun, I wanted to see how long it would take to do the same thing with NSure Identity Manager's Policy Builder.

The answer? About 1 minute.

Solution

My example checks that the object is a User. Then if the user has a group membership that is not the one we care about, then Veto. (I suppose I should add something to make sure users without any group membership values would get vetoed as well. That would just be a matter of adding "OR group membership is not available," a simple Policy Builder tweak).

As you can see, Policy Builder is a very, very good thing!

Example:

<rule>
  <conditions>
    <and>
      <if-class-name op="equal">User</if-class-name>
      <if-attr name="Group Membership"
op="not-equal">\CDS_TREE\CDS\CDS_Cincy\TSMembers</if-attr>
    </and>
  </conditions>
  <actions>
    <do-veto/>
  </actions>
</rule>


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell