This section contains a detailed reference to all conditions available in the Policy Builder interface.
Performs a test on the association value of the current operation or the current object.
This example tests to see if the association is available. When this condition is met, the actions that are defined are executed.
Performs a test on attribute values of the current object in either the current operation or the source data store. It can be logically thought of as If Operation Attribute or If Source Attribute, because the test is satisfied if the condition is met in the source data store or in the operation.
Specify the name of the attribute to test.
Select the condition test type.
Select the comparison mode. See Comparison Modes.
The example uses the condition If Attribute when filtering for User objects that are disabled or have a certain title. The policy is Policy to Filter Events, and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
The condition is looking for any User object that has an attribute of Title with a value of consultant or sales.
Performs a test on the object class name in the current operation.
Select the condition test type.
Select the comparison mode. See Section 3.9.1, Comparison Modes.
The example uses the condition If Class Name to govern group membership for a User object based on their title. The policy is Govern Groups for User Based on Title Attribute and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
Checks to see if the class name of the current object is User.
Performs a test on attribute values of the current object in the destination data store.
Specify the name of the attribute to test.
Select the condition test type.
Select the comparison mode. See Comparison Modes.
The example uses the condition If Attribute to govern group membership for a User object based on the title. The policy is Govern Groups for User Based on Title Attribute and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
The policy checks to see if the value of the title attribute contains manager.
Performs a test on the destination DN in the current operation. The test performed depends on the specified operator.
Select the condition test type.
Performs a test on entitlements of the current object, in either the current operation or the Identity Vault.
Specify the name of the entitlement to test for the selected condition.
Select the condition test type.
Select the comparison mode. See Comparison Modes.
Performs a test on a global configuration variable.
Specify the name of the global variable to test for the selected condition.
Select the condition test type.
Select the comparison mode. See Comparison Modes.
Performs a test on a local variable.
Specify the name of the local variable to test for the selected condition.
Select the condition test type.
Select the comparison mode. See Comparison Modes.
The example adds a User object to the appropriate group, Employee or Manager, based on Title. It also creates the group, if needed, and sets up security equal to that group. The policy is Govern Groups for User Based on Title Attribute and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
The policy contains five rules that are dependent on each other.
For the If Local Variable condition to work, the first rule sets four different local variables to test for groups and where to place the groups.
The rule's condition checks whether the local variable manager-group-info is available and whether manager-group-info is not equal to group. If these conditions are met, then the destination object of group is added.
Performs a test on a password in the current operation with the specified name.
Specify the name of the named password to test for the selected condition.
Select the condition test type.
Performs a test on the name of the current operation.
Select the condition test type.
The values are the operations that the Metadirectory engine looks for in this condition:
add
add-association
check-object-password
delete
get-named-password
modify
modify-association
modify-password
move
init-params
instance
The example adds a User object to the appropriate group, Employee or Manager, based on Title. It also creates the group, if needed, and sets up security equal to that group. The policy name is Govern Groups for User Based on Title Attribute and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
The condition checks whether an add or modify operation has occurred. When either occurs, the rule sets the local variables.
Performs a test on attribute values in the current operation. The test performed depends on the specified operator.
Specify the name of the attribute to test.
Select the condition test type.
Select the comparison mode. See Comparison Modes.
The example adds a User object to the appropriate group, Employee or Manager, based on Title. It also creates the group, if needed, and sets up security equal to that group. The policy name is Govern Groups for User Based on Title Attribute and it is available for download from Novell’s support Web site. For more information, see Downloadable Identity Manager Policies.
The condition is checking to see if the attribute of Title is equal to .*manager*, which is a regular expression. It means it is looking for a title that has zero or more characters before manager and a single character after manager. It would find a match if the User object’s title was sales managers.
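An added example (not part of the original documentation or the downloadable policy): because this rule drives group membership and security equivalence, it checks which constructed Title values the quoted pattern accepts. It assumes Python's re module agrees with the engine's regex for this simple pattern, shows both whole-value and match-anywhere semantics because the page does not say which applies, and uses `.*manager.*` as an assumed tighter form of the "contains manager" intent.

```python
import re

# Pattern exactly as quoted above; in standard regex syntax this is
# ".*" + "manage" + "r*" (the final * repeats only the letter r).
PAGE_PATTERN = r".*manager*"
# Assumed intent, taken from the "contains manager" wording on this page.
CONTAINS_MANAGER = r".*manager.*"

# Constructed Title values for illustration only.
TITLES = [
    "sales managers",
    "manager",
    "account manage",
    "management trainee",
    "consultant",
]

def matched_titles(pattern, titles, whole_value):
    """Return the titles the pattern accepts.

    whole_value=True  -> pattern must cover the entire value (fullmatch)
    whole_value=False -> pattern may match anywhere in the value (search)
    """
    rx = re.compile(pattern)
    test = rx.fullmatch if whole_value else rx.search
    return [t for t in titles if test(t) is not None]

def report(titles=TITLES):
    """Compare both patterns under both matching semantics."""
    return {
        (pat, mode): matched_titles(pat, titles, mode == "whole")
        for pat in (PAGE_PATTERN, CONTAINS_MANAGER)
        for mode in ("whole", "anywhere")
    }

if __name__ == "__main__":
    for (pat, mode), hits in report().items():
        print(f"{pat!r:16} {mode:9} -> {hits}")
```

Running the same kind of check against real Title values before deploying a title-based membership rule shows which accounts would be placed in the privileged group.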
Performs a test on an operation property on the current operation.
Specify the name of the operation property to test for the selected condition.
Select the condition test type.
Select the comparison mode. See Comparison Modes.
Performs a test on a password in the current operation.
Select the condition test type.
Performs a test on attribute values of the current object in the source data store.
Specify the name of the source attribute to test for the selected condition.
Select the condition test type.
Select the comparison mode. See Section 3.9.1, Comparison Modes.
Specify the name of the source attribute to test for the selected condition.
Select the condition test type.
Select the comparison mode. See Comparison Modes.
Performs a test on the source DN in the current operation.
Select the condition test type.
Select the condition test type.
The example uses the condition If Source DN to check if the User object is in the source DN. The rule is from the predefined rules that come with Identity Manager. For more information, see Event Transformation - Scope Filtering - Exclude Subtrees.
The condition is checking to see if the source DN is in the Users container. If the object is coming from that container, it is vetoed.