do-remove-resource

The <do-remove-resource> action initiates a request to the Roles Based Provisioning Module (RBPM) to revoke the Resource assignment specified by resource-id for an Identity. The target Identity is specified by <arg-dn> or <arg-association> if either is present; otherwise it is the current object. If specified by <arg-dn>, the DN must be in LDAP format. The request is made to the RBPM-enabled User Application server specified by url, using the credentials specified by id and <arg-password>. Additional optional arguments to the Resource assignment request may be specified by named <arg-string> elements.

Name / Description

description
  A description of the reason for the request used for auditing purposes.
  Default: Request generated by policy.

If any type of error occurs while requesting the resource assignment, the error string will be available to the enclosing policy in the local variable named error.do-remove-resource. Otherwise that local variable will be unavailable.

Example

<do-remove-resource
    id="CN=UAAdmin,OU=Sa,O=Data"
    url="http://localhost:8080/IDMProv"
    resource-id="CN=Computer,CN=ResourceDefs,CN=RoleConfig,CN=AppConfig,CN=UserApplication,CN=DriverSet,O=System">
  <arg-password>
    <token-named-password name="resource-admin"/>
  </arg-password>
  <arg-string name="description">
    <token-text>Requested by policy because requireComputer set to false</token-text>
  </arg-string>
</do-remove-resource>

1. Allowed Content

arg-password
  password argument
arg-dn
  DN argument
arg-association
  association argument
arg-string
  string argument

2. Attributes

Attribute / Value(s) / Default Value

disabled
  Value(s): true | false
  true if this element is disabled
  Default: false

id
  Value(s): CDATA
  the LDAP format DN of a user authorized to make the request
  supports variable expansion
  Default: #REQUIRED

instance-guid
  Value(s): CDATA
  the instance guid for revoking a single instance of a multivalue resource assignment. If null is specified, all instances will be revoked
  supports variable expansion
  Default: null

notrace
  Value(s): true | false
  Default: false

resource-id
  Value(s): CDATA
  the LDAP format DN of the Resource to revoke
  supports variable expansion
  Default: #REQUIRED

url
  Value(s): CDATA
  the URL of the User Application server hosting RBPM
  supports variable expansion
  Default: #REQUIRED

3. Content Rule

( arg-password , ( arg-dn | arg-association ) ? , arg-string * )
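
The content rule and the #REQUIRED attributes can be checked mechanically when reviewing a policy. The Python linter below is an added example, not part of the DTD documentation; the function name, the shortened sample policies and the literal-password check are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

REQUIRED = ("id", "url", "resource-id")  # marked #REQUIRED in the attribute table
CODES = {"arg-password": "P", "arg-dn": "D", "arg-association": "A", "arg-string": "S"}
# ( arg-password , ( arg-dn | arg-association ) ? , arg-string * ) over the codes above
CONTENT_RULE = re.compile(r"P[DA]?S*\Z")

def lint_remove_resource(xml_text):
    """Return findings for every <do-remove-resource> in a policy fragment."""
    findings = []
    for action in ET.fromstring(xml_text).iter("do-remove-resource"):
        for attr in REQUIRED:
            if not action.get(attr):
                findings.append(f"missing required attribute: {attr}")
        children = [child.tag for child in action]
        unknown = [tag for tag in children if tag not in CODES]
        if unknown:
            findings.append(f"child not in allowed content: {unknown}")
        elif not CONTENT_RULE.match("".join(CODES[tag] for tag in children)):
            findings.append(f"children violate content rule: {children}")
        # Reviewer's check, not a DTD rule: literal text inside <arg-password>
        password = action.find("arg-password")
        if password is not None and password.find("token-text") is not None:
            findings.append("arg-password holds literal token-text")
    return findings

# Constructed sample: the page's example shape with a shortened resource-id
GOOD = """<actions><do-remove-resource id="CN=UAAdmin,OU=Sa,O=Data"
    url="http://localhost:8080/IDMProv" resource-id="CN=Computer,CN=ResourceDefs">
  <arg-password><token-named-password name="resource-admin"/></arg-password>
  <arg-string name="description"><token-text>policy</token-text></arg-string>
</do-remove-resource></actions>"""

# Constructed sample: no url, arg-string before arg-password, literal password
BAD = """<actions><do-remove-resource id="CN=UAAdmin,OU=Sa,O=Data"
    resource-id="CN=Computer,CN=ResourceDefs">
  <arg-string name="description"><token-text>policy</token-text></arg-string>
  <arg-password><token-text>constructed-secret</token-text></arg-password>
</do-remove-resource></actions>"""

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_remove_resource(sample))
```

The literal-password finding is a review convention rather than something the DTD enforces; the page's own example supplies the credential through <token-named-password>.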

4. Parent Elements

actions
  actions that are performed by a <rule>
arg-actions
  actions argument

DirXMLScript DTD