Novell Doc: Policies in iManager for Identity Manager 3.5.1 - Defining Individual Rules within a Policy

2.3 Defining Individual Rules within a Policy

Rules are defined in the Rule Builder window of the Policy Builder:

Figure 2-1 Rule Builder Window of the Policy Builder

The Rule Builder interface enables you to quickly create and modify rules using intelligent drop-down menus.

In the Rule Builder, you define a set of conditions that must be met before a defined action occurs.

For example, if you needed to create a rule that disallowed any new objects from being added to your environment, you might define this rule to indicate that when an add operation occurs, veto the operation.

To implement this logic in the Rule Builder, you could select the following condition:

Figure 2-2 Move User Condition in the Rule Builder Interface

And the following action:

Figure 2-3 Veto Action in the Rule Builder Interface

See Section 9.0, Conditions and Section 10.0, Actions for a detailed reference on the conditions and actions available in the Rule Builder.

Tips

To create more complex conditions, you can join conditions and groups of conditions together with and/or statements. You can modify the way these are joined by selecting the condition structure:

Figure 2-4 Condition Structure Radio Buttons

Click the icon to see a list of values for a field. In the example above, this icon opens a list of valid class names.
Click the icon to use the Argument Builder interface to construct an argument.
Click the icon to disable a policy, rule, condition, or action. Click the icon to re-enable it.
Click the icon to disable tracing on the policy. Click the icon to re-enable tracing of the policy.
Click the icon to add a comment to a policy or rule. Comments are stored directly on the policy or rule, and can be as long as necessary.
Use the Cut/Copy/Paste icons to use the Policy Builder clipboard. The Paste icon is disabled if the current content on the clipboard is invalid at that location.
Use the icons to add, remove, and position conditions.
Use the button to add condition groups.
Use the icons to remove and position condition groups.