Initiates a request to the Roles Based Provisioning Module (RBPM) to assign the Role specified by role-id to an Identity.
The target Identity is specified by <arg-dn> or <arg-association> if either is present, or by the current object otherwise. If specified by <arg-dn>, the DN must be in LDAP format. The request is made to the RBPM-enabled User Application server specified by url, using the credentials specified by id and <arg-password>. Additional optional arguments to the Role assignment request may be specified by the following named <arg-string>s.
If any type of error occurs while requesting the role assignment, the error string is available to the enclosing policy in the local variable named error.do-add-role. Otherwise that local variable is not available.
```xml
<do-add-role id="cn=RoleAdmin,o=People"
             url="http://localhost:8080/IDMProv"
             role-id="cn=Contractor,cn=Level30,cn=RoleDefs,cn=RoleConfig,cn=AppConfig,cn=UserApplication,cn=DriverSet,o=novell">
  <arg-password>
    <token-named-password name="role-admin"/>
  </arg-password>
  <arg-string name="description">
    <token-text>Requested by policy because isContractor attribute set to true</token-text>
  </arg-string>
  <arg-string name="effective-time">
    <token-src-attr name="Hire Date"/>
  </arg-string>
  <arg-string name="expiration-time">
    <token-convert-time dest-format="!CTIME" dest-tz="UTC" offset="6" offset-unit="month" src-format="!CTIME" src-tz="UTC">
      <token-src-attr name="Hire Date"/>
    </token-convert-time>
  </arg-string>
</do-add-role>
```
(arg-password, (arg-dn | arg-association)?, arg-string*)
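The following Python linter is an added example, not part of the original documentation or the product. It checks every <do-add-role> in a policy against the content rule above and adds two hardening checks that the page does not state: that url uses https, and that <arg-password> references a named password instead of embedding text. The required-attribute list, the sample policy, the host idm.example.test and the placeholder password are all constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Content rule from the page: (arg-password, (arg-dn | arg-association)?, arg-string*)
CONTENT_RULE = re.compile(r"arg-password (arg-dn |arg-association )?(arg-string )*")
REQUIRED_ATTRS = ("id", "url", "role-id")  # assumption: the attributes the description relies on

# Constructed sample policy: the first action is clean, the second is not.
SAMPLE = """<actions>
  <do-add-role id="cn=RoleAdmin,o=People" url="https://idm.example.test/IDMProv" role-id="cn=Good,o=example">
    <arg-password><token-named-password name="role-admin"/></arg-password>
    <arg-dn><token-text>cn=jdoe,o=People</token-text></arg-dn>
    <arg-string name="description"><token-text>ok</token-text></arg-string>
  </do-add-role>
  <do-add-role id="cn=RoleAdmin,o=People" url="http://idm.example.test/IDMProv" role-id="cn=Bad,o=example">
    <arg-string name="description"><token-text>out of order</token-text></arg-string>
    <arg-password><token-text>CONSTRUCTED-PLACEHOLDER</token-text></arg-password>
  </do-add-role>
</actions>"""

def lint_do_add_role(policy_xml):
    """Return (role-id, finding) tuples for every <do-add-role> in policy_xml."""
    findings = []
    for action in ET.fromstring(policy_xml).iter("do-add-role"):
        role = action.get("role-id", "?")
        for attr in REQUIRED_ATTRS:
            if not action.get(attr):
                findings.append((role, f"missing attribute {attr}"))
        # Serialise the child element names in order and match them against the rule.
        children = "".join(child.tag + " " for child in action)
        if not CONTENT_RULE.fullmatch(children):
            findings.append((role, "children violate content rule"))
        # Added hardening checks (assumptions, not requirements stated on the page).
        if not action.get("url", "").lower().startswith("https://"):
            findings.append((role, "url is not https"))
        password = action.find("arg-password")
        if password is not None and password.find("token-named-password") is None:
            findings.append((role, "password is not a token-named-password reference"))
    return findings

if __name__ == "__main__":
    for role, finding in lint_do_add_role(SAMPLE):
        print(f"{role}: {finding}")
```

Run against the documentation's own example, the linter reports only the non-https url, which there points at localhost.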
| Element | Description |
|---|---|
| | Actions that are performed by a <rule>. |
| | Association argument. |