Novell Designer for Identity Manager Policies

Novell®
www.novell.com

Policies in Designer 3.5

Designer for Identity Manager
novdocx (en) 13 May 2009
AUTHORIZED DOCUMENTATION
3.5
Legal Notices
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. See the Novell International Trade Services Web page (http://www.novell.com/info/exports/) for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2009 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed on the Novell Legal Patents Web page (http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent applications in the U.S. and in other countries.
Novell, Inc. 404 Wyman Street, Suite 500 Waltham, MA 02451 U.S.A. www.novell.com
Online Documentation: To access the latest online documentation for this and other Novell products, see the Novell Documentation Web page (http://www.novell.com/documentation).
Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html).
Third-Party Materials
All third-party trademarks are the property of their respective owners.
Contents
About This Guide
1 Overview
1.1 Policies
2 Using the Pre-Identity Manager 3.5 Policy Builder
3 Managing Policies with the Policy Builder
3.1 Accessing the Policy Builder
3.1.1 Model Outline View
3.1.2 Policy Flow View
3.1.3 Policy Set
3.2 Using the Policy Builder
3.3 Creating a Policy
3.3.1 Accessing the Policy Set
3.3.2 Using the Policy Set
3.3.3 Using the Add Policy Wizard
3.4 Creating a Rule
3.4.1 Creating a New Rule
3.4.2 Using Predefined Rules
3.4.3 Including an Existing Rule
3.4.4 Importing a Policy From an XML File
3.5 Creating an Argument
3.6 Variable Selector
3.6.1 Dynamic Variable Expansion
3.6.2 Accessing the Variable Selector From the Conditions Tab
3.6.3 Accessing the Variable Selector From the Actions Tab
3.6.4 Accessing the Variable Selector From the Argument Builder
3.6.5 XPath Expressions
3.7 Editing a Policy
3.7.1 Actions and Menu Items in the Policy Builder
3.7.2 Keyboard Support
3.7.3 Renaming a Policy
3.7.4 Saving Your Work
3.7.5 Policy Description
3.8 Viewing the Policy in XML
4 Using Additional Builders and Editors
4.1 Action Builder
4.1.1 Creating an Action
4.1.2 Additional Options for the Action Builder
4.2 Actions Builder
4.3 Argument Builder
4.3.1 Launching the Argument Builder
4.3.2 Argument Builder Example
4.4 Condition Builder
4.4.1 Creating a Condition
4.4.2 Additional Options for the Condition Builder
4.5 Conditions Builder
4.6 Match Attribute Builder
4.7 Action Argument Component Builder
4.8 Argument Value List Builder
4.9 Named String Builder
4.10 Condition Argument Component Builder
4.11 Pattern Builder
4.12 String Builder
4.13 XPath Builder
4.14 Mapping Table Editor
4.14.1 Creating a Mapping Table Object
4.14.2 Adding a Mapping Table Object to a Policy
4.14.3 Editing a Mapping Table Object
4.14.4 Importing Data from a CSV File
4.14.5 Exporting Data to a CSV File
4.14.6 Testing a Mapping Table Object
4.15 Namespace Editor
4.15.1 Accessing Java Classes Using Namespaces
4.16 Local Variable Selector
5 Using the XPath Builder
6 Defining Schema Map Policies
6.1 Using the Schema Map Editor
6.1.1 Accessing the Schema Map Editor
6.1.2 Navigating the Schema Map Editor
6.1.3 Understanding the Schema Map Editor Toolbar
6.2 Editing a Schema Map Policy
6.2.1 Adding or Deleting Classes and Attributes
6.2.2 Refreshing the Application Schema
6.2.3 Editing Items
6.2.4 Sorting Schema Map Entries
6.2.5 Managing the Schema
6.3 Testing Schema Map Policies
6.4 Exporting and Importing with the Schema Map Editor
6.4.1 Exporting a Schema Map Policy
6.4.2 Importing a Schema Map Policy
6.5 Accessing the Schema Map Policy in XML
6.6 Additional Schema Map Policy Options
6.6.1 Outline View Additional Options
6.6.2 Policy Flow View Additional Options
6.6.3 Policy Set View Additional Options
7 Controlling the Flow of Objects with the Filter
7.1 Using the Filter Editor
7.1.1 Accessing the Filter Editor
7.1.2 Navigating the Filter Editor
7.1.3 Understanding the Filter Editor Toolbar
7.2 Editing the Filter
7.2.1 Removing or Adding Classes and Attributes
7.2.2 Modifying Multiple Attributes
7.2.3 Copying an Existing Filter
7.2.4 Setting Default Values for Attributes
7.2.5 Changing the Filter Settings
7.3 Testing the Filter
7.4 Exporting and Importing Filter Files
7.4.1 Exporting a Filter File
7.4.2 Importing a Filter File
7.5 Adding Comments to Classes and Attributes
7.6 Viewing the Filter in XML
7.7 Deploying the Filter
7.8 Additional Filter Options
7.8.1 Outline View Additional Options
7.8.2 Policy Flow View Additional Options
7.8.3 Policy Set View Additional Options
8 Using Predefined Rules
8.1 Command Transformation - Create Departmental Container - Part 1 and Part 2
8.1.1 Creating a Policy
8.1.2 Importing the Predefined Rule
8.1.3 How the Rule Works
8.2 Command Transformation - Publisher Delete to Disable
8.2.1 Creating a Policy
8.2.2 Importing the Predefined Rule
8.2.3 How the Rule Works
8.3 Creation - Require Attributes
8.3.1 Creating a Policy
8.3.2 Importing the Predefined Rule
8.3.3 How the Rule Works
8.4 Creation - Publisher - Use Template
8.4.1 Creating a Policy
8.4.2 Importing the Predefined Rule
8.4.3 How the Rule Works
8.5 Creation - Set Default Attribute Value
8.5.1 Creating a Policy
8.5.2 Importing the Predefined Rule
8.5.3 How the Rule Works
8.6 Creation - Set Default Password
8.6.1 Creating a Policy
8.6.2 Importing the Predefined Rule
8.6.3 How the Rule Works
8.7 Event Transformation - Scope Filtering - Include Subtrees
8.7.1 Creating a Policy
8.7.2 Importing the Predefined Rule
8.7.3 How the Rule Works
8.8 Event Transformation - Scope Filtering - Exclude Subtrees
8.8.1 Creating a Policy
8.8.2 Importing the Predefined Rule
8.8.3 How the Rule Works
8.9 Input or Output Transformation - Reformat Telephone Number from (nnn) nnn-nnnn to nnn-nnn-nnnn
8.9.1 Creating a Policy
8.9.2 Importing the Predefined Rule
8.9.3 How the Rule Works
8.10 Input or Output Transformation - Reformat Telephone Number from nnn-nnn-nnnn to (nnn) nnn-nnnn
8.10.1 Creating a Policy
8.10.2 Importing the Predefined Rule
8.10.3 How the Rule Works
8.11 Matching - Publisher Mirrored
8.11.1 Creating a Policy
8.11.2 Importing the Predefined Rule
8.11.3 How the Rule Works
8.12 Matching - Subscriber Mirrored - LDAP Format
8.12.1 Creating a Policy
8.12.2 Importing the Predefined Rule
8.12.3 How the Rule Works
8.13 Matching - By Attribute Value
8.13.1 Creating a Policy
8.13.2 Importing the Predefined Rule
8.13.3 How the Rule Works
8.14 Placement - Publisher Mirrored
8.14.1 Creating a Policy
8.14.2 Importing the Predefined Rule
8.14.3 How the Rule Works
8.15 Placement - Subscriber Mirrored - LDAP Format
8.15.1 Creating a Policy
8.15.2 Importing the Predefined Rule
8.15.3 How the Rule Works
8.16 Placement - Publisher Flat
8.16.1 Creating a Policy
8.16.2 Importing the Predefined Rule
8.16.3 How the Rule Works
8.17 Placement - Subscriber Flat - LDAP Format
8.17.1 Creating a Policy
8.17.2 Importing the Predefined Rule
8.17.3 How the Rule Works
8.18 Placement - Publisher By Dept
8.18.1 Creating a Policy
8.18.2 Importing the Predefined Rule
8.18.3 How the Rule Works
8.19 Placement - Subscriber By Dept - LDAP Format
8.19.1 Creating a Policy
8.19.2 Importing the Predefined Rule
8.19.3 How the Rule Works
9 Testing Policies with the Policy Simulator
9.1 Accessing the Policy Simulator
9.1.1 Outline View
9.1.2 Policy Flow View
9.1.3 Editors
9.2 Creating an XDS Input Document
9.2.1 Source
9.2.2 Import an XDS Document
9.2.3 Use an Identity Vault Object As a Template
9.2.4 Use an Application Object As a Template
9.2.5 Clear All Parameters
9.2.6 Configuration Options
9.2.7 Save the Input Document
9.2.8 Simulation Point
9.2.9 Operation
9.2.10 Parameter and Value
9.2.11 Attributes
9.3 Using the Operation Data Editor
9.4 Using the Hex Editor
9.4.1 Accessing the Hex Editor
9.4.2 Importing Data into the Hex Editor
9.4.3 Inserting Data in the Hex Editor
9.4.4 Appending Data in the Hex Editor
9.4.5 Editing Data in the Hex Editor
9.4.6 Reverting Changes in the Hex Editor
9.4.7 Deleting Data in the Hex Editor
9.4.8 Moving the Cursor in the Hex Editor
9.4.9 Exporting Data from the Hex Editor
9.5 Simulating a Policy
9.6 Simulating Policies with Java Extensions
10 Storing Information in Resource Objects
10.1 Generic Resource Objects
10.1.1 Creating a Resource Object
10.1.2 Using a Generic Resource Object
10.2 Mapping Table Objects
10.3 ECMAScript Objects
10.4 Application Objects
10.5 Repository Objects
10.6 Library Objects
10.6.1 Creating Library Objects
10.6.2 Adding Policies to the Library Objects
10.6.3 Using Policies in the Library Objects
11 Using ECMAScript in Policies
11.1 Creating an ECMAScript Object
11.2 Using the ECMAScript Editor
11.2.1 Main Scripting Area
11.2.2 Expression Builder
11.2.3 Functions and Variables
11.2.4 Error Display
11.2.5 Shell Area
11.3 Examples of ECMAScripts with Policies
11.3.1 DirXML Script Policy Calling an ECMAScript Function
11.3.2 XSLT Policy Calling an ECMAScript Function at the Driver Level
11.3.3 XSLT Policy Calling an ECMAScript Function in the Style Sheet
12 Conditions
If Association
If Attribute
If Class Name
If Destination Attribute
If Destination DN
If Entitlement
If Global Configuration Value
If Local Variable
If Named Password
If Operation
If Operation Attribute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
If Operation Property. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
If Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221
If Source Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
If Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
If XML Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
If XPath Expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
13 Actions 233
Add Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Add Destination Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
Add Destination Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Add Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
Add Source Attribute Value. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Add Source Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
Append XML Element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
Append XML Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Break. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Clear Destination Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Clear Operation Property . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Clear Source Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
Clear SSO Credential . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
Clone By XPath Expressions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
Clone Operation Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Delete Destination Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Delete Source Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Find Matching Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
For Each . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Generate Event. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
If . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Implement Entitlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Move Destination Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Move Source Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Reformat Operation Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
Remove Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 272
Remove Destination Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273
Remove Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Remove Source Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Rename Destination Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Rename Operation Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Rename Source Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Send Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Send Email from Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Set Default Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284
Set Destination Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286
Set Destination Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Set Local Variable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
Set Operation Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Set Operation Class Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Set Operation Destination DN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
Set Operation Property . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Set Operation Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Set Operation Template DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
Set Source Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
Set Source Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Set SSO Credential. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Set SSO Passphrase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Set XML Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Start Workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303
Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Strip Operation Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
Strip XPath Expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Trace Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Veto. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Veto If Operation Attribute Not Available . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
While . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312
14 Noun Tokens 313
Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Added Entitlement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 317
Attribute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
Character . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Class Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Destination Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Destination DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Destination Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Document . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
Entitlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
Generate Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Global Configuration Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
Local Variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
Named Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
Operation Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335
Operation Property . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338
Query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Removed Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Removed Entitlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
Resolve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343
Source Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 344
Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Source Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346
Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Unique Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Unmatched Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
XPath . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 352
15 Verb Tokens 353
Base64 Decode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354
Base64 Encode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Convert Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356
Escape Destination DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Escape Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
Lowercase. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
Parse DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Replace All . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Replace First. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
Split . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369
Substring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
Uppercase. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
XML Parse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
XML Serialize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
16 Pre-Identity Manager 3.5 Builders 375
16.1 Action Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
16.1.1 Creating an Action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
16.1.2 Additional Options for the Action Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
16.2 Actions Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376
16.3 Argument Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
16.3.1 Launching the Argument Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
16.3.2 Argument Builder Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 379
16.4 Action Argument Component Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 381
16.5 Condition Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
16.5.1 Creating a Condition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
16.5.2 Additional Options for the Condition Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382
16.6 Condition Argument Component Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
16.7 Match Attribute Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383
16.8 Named String Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
16.9 Pattern String Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 386
16.10 Argument Value List Builder. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
16.11 Namespace Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
16.11.1 Accessing Java Classes by Using Namespaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 389
17 Pre-Identity Manager 3.5 Conditions 391
If Association. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
If Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393
If Class Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
If Destination Attribute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
If Destination DN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
If Entitlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400
If Global Configuration Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402
If Local Variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
If Named Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
If Operation Attribute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
If Operation Property. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
If Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411
If Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413
If Source Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414
If Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416
If XPath Expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 417
18 Pre-Identity Manager 3.5 Actions 419
Add Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421
Add Destination Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422
Add Destination Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Add Source Attribute Value. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424
Add Source Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
Append XML Element . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Append XML Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427
Break. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 428
Clear Destination Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Clear Operation Property . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 430
Clear Source Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 431
Clear SSO Credential . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Clone By XPath Expression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433
Clone Operation Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434
Delete Destination Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435
Delete Source Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436
Find Matching Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437
For Each . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438
Generate Event. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Implement Entitlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Move Destination Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442
Move Source Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Reformat Operation Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 444
Remove Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Remove Destination Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Remove Source Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 447
Rename Destination Object . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448
Rename Operation Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 449
Rename Source Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Send Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451
Send Email from Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Set Default Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Set Destination Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
Set Destination Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
Set Local Variable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
Set Operation Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457
Set Operation Class Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 458
Set Operation Destination DN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Set Operation Property . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
Set Operation Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461
Set Operation Template DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462
Set Source Attribute Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Set Source Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
Set SSO Credential. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
Set SSO Passphrase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Set XML Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467
Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Strip Operation Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 469
. . . . . . . . . . . . 468
Strip XPath . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 470
Trace Message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471
Veto. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472
Veto If Operation Attribute Not Available . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 473
19 Pre-Identity Manager 3.5 Noun Tokens 475
Added Entitlement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 476
Association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Attribute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478
Class Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Destination Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480
Destination DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Destination Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482
Entitlement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Global Configuration Value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 484
Local Variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 485
Named Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486
Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487
Operation Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 488
Operation Property . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489
Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490
Removed Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491
Removed Entitlements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492
Source Attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 493
Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Source Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495
Text . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
Unique Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497
Unmatched Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
XPath . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500
novdocx (en) 13 May 2009
20 Pre-Identity Manager 3.5 Verb Tokens 501
Escape Destination DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502
Escape Source DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Lowercase. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504
Parse DN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
Replace All . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
Replace First. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Substring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Uppercase. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510
14 Policies in Designer 3.5

About This Guide

Novell® Identity Manager 3.6.1 is a data sharing and synchronization service that enables applications, directories, and databases to share information. It links scattered information and enables you to establish policies that govern automatic updates to designated systems when identity changes occur.
Identity Manager provides the foundation for account provisioning, security, single sign-on, user self-service, authentication, authorization, automated workflows, and Web services. It allows you to integrate, manage, and control your distributed identity information so you can securely deliver the right resources to the right people.
This guide provides detailed information on using Designer 3.0 for Identity Manager 3.6.1.
Chapter 1, “Overview,” on page 17
Chapter 3, “Managing Policies with the Policy Builder,” on page 21
Chapter 4, “Using Additional Builders and Editors,” on page 45
Chapter 5, “Using the XPath Builder,” on page 71
Chapter 6, “Defining Schema Map Policies,” on page 77
Chapter 7, “Controlling the Flow of Objects with the Filter,” on page 93
Chapter 8, “Using Predefined Rules,” on page 109
Chapter 9, “Testing Policies with the Policy Simulator,” on page 145
Chapter 10, “Storing Information in Resource Objects,” on page 169
Chapter 11, “Using ECMAScript in Policies,” on page 175
Chapter 12, “Conditions,” on page 189
Chapter 13, “Actions,” on page 233
Chapter 14, “Noun Tokens,” on page 313
Chapter 15, “Verb Tokens,” on page 353
There are additional reference chapters for the pre-Identity Manager Policy Builder:
Chapter 2, “Using the Pre-Identity Manager 3.5 Policy Builder,” on page 19
Chapter 16, “Pre-Identity Manager 3.5 Builders,” on page 375
Chapter 17, “Pre-Identity Manager 3.5 Conditions,” on page 391
Chapter 18, “Pre-Identity Manager 3.5 Actions,” on page 419
Chapter 19, “Pre-Identity Manager 3.5 Noun Tokens,” on page 475
Chapter 20, “Pre-Identity Manager 3.5 Verb Tokens,” on page 501
Audience
This guide is intended for Identity Manager administrators.
Feedback
We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation, or go to www.novell.com/documentation/feedback.html and enter your comments there.
Documentation Updates
For the most recent version of Policies in Designer, visit the Identity Manager Documentation Web
site (http://www.novell.com/documentation/idm35).
Additional Documentation
For documentation on using the Identity Manager drivers, see the Identity Manager Drivers
Documentation Web site (http://www.novell.com/documentation/idm36drivers/index.html).
For documentation on using Designer, see the Designer 3.0 for Identity Manager 3.6.1
Documentation Web site (http://www.novell.com/documentation/designer21/).
Documentation Conventions
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, TM, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
When a single pathname can be written with a backslash for some platforms or a forward slash for other platforms, the pathname is presented with a backslash. Users of platforms that require a forward slash, such as Linux* or UNIX*, should use forward slashes as required by your software.

1 Overview

Policies manage the data that is synchronizing between the Identity Vault and the remote data store. The policies are stored in the policy sets (see “Understanding Types of Policies” in Understanding Policies for Identity Manager 3.6). Designer provides a wide set of tools for defining and debugging policies to control how information flows from one system to another, and under what conditions. The following sections explain how to use the tools that are provided to help manage the policies:
Chapter 3, “Managing Policies with the Policy Builder,” on page 21
Chapter 4, “Using Additional Builders and Editors,” on page 45
Chapter 5, “Using the XPath Builder,” on page 71
Chapter 6, “Defining Schema Map Policies,” on page 77
Chapter 7, “Controlling the Flow of Objects with the Filter,” on page 93
Chapter 8, “Using Predefined Rules,” on page 109
Chapter 9, “Testing Policies with the Policy Simulator,” on page 145
Chapter 10, “Storing Information in Resource Objects,” on page 169
Chapter 11, “Using ECMAScript in Policies,” on page 175
This section also contains a detailed reference section to all of the elements in DirXML® Script. For more information on DirXML Script, see “DirXML Script DTD” in the Identity Manager 3.6 DTD
Reference.
Chapter 12, “Conditions,” on page 189
Chapter 13, “Actions,” on page 233
Chapter 14, “Noun Tokens,” on page 313
Chapter 15, “Verb Tokens,” on page 353
There are also reference sections for the pre-Identity Manager Policy Builder:
Chapter 2, “Using the Pre-Identity Manager 3.5 Policy Builder,” on page 19
Chapter 16, “Pre-Identity Manager 3.5 Builders,” on page 375
Chapter 17, “Pre-Identity Manager 3.5 Conditions,” on page 391
Chapter 18, “Pre-Identity Manager 3.5 Actions,” on page 419
Chapter 19, “Pre-Identity Manager 3.5 Noun Tokens,” on page 475
Chapter 20, “Pre-Identity Manager 3.5 Verb Tokens,” on page 501

1.1 Policies

As part of understanding how policies work, it is important to understand the components of policies.
Policies are made up of rules.
A rule is a set of conditions (see Chapter 12, “Conditions,” on page 189) that must be met
before a defined action (see Chapter 13, “Actions,” on page 233) occurs.
Actions can have dynamic arguments that derive from tokens that are expanded at runtime.
Tokens are broken up into two classifications: nouns and verbs.
Noun tokens (see Chapter 14, “Noun Tokens,” on page 313) expand to values that are
derived from the current operation, the source or destination data stores, or some external source.
Verb tokens (see Chapter 15, “Verb Tokens,” on page 353) modify the concatenated
results of other tokens that are subordinate to them.
Regular expressions (see “Regular Expressions”) and XPath 1.0 expressions (see “XPath 1.0
Expressions”) are commonly used in the rules to create the desired results for the policies.
A policy operates on an XDS document and its primary purpose is to examine and modify that
document.
An operation is any element in the XDS document that is a child of the input element and the output element. The elements are part of the Novell® nds.dtd; for more information, see “NDS DTD” in the Identity Manager 3.6 DTD Reference.
An operation usually represents an event, a command, or a status.
The policy is applied separately to each operation. As the policy is applied to each operation in
turn, that operation becomes the current operation. Each rule is applied sequentially to the current operation. All of the rules are applied to the current operation unless an action is executed by a prior rule that causes subsequent rules to no longer be applied.
A policy can also get additional context from outside of the document and cause side effects
that are not reflected in the result document.
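The evaluation order described above, modelled as an added example (it is not code from this guide or from the Identity Manager engine): each child of the input element becomes the current operation, rules run in order, and a veto stops later rules for that operation. The XDS sample, the `Rule` and `Context` classes, and the rule names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample XDS document (not from the guide): three operations.
SAMPLE_XDS = r"""<nds dtdversion="3.5">
  <input>
    <add class-name="User" src-dn="\ACME\Users\jdoe">
      <add-attr attr-name="Surname"><value>Doe</value></add-attr>
    </add>
    <add class-name="Group" src-dn="\ACME\Groups\admins"/>
    <delete class-name="User" src-dn="\ACME\Users\old"/>
  </input>
</nds>"""

STOP = object()  # returned by an action that ends rule processing for the operation


@dataclass
class Context:
    vetoed: list = field(default_factory=list)  # operations dropped from the result
    trace: list = field(default_factory=list)   # side effects outside the document
    fired: list = field(default_factory=list)   # (src-dn, rule name) audit trail


@dataclass
class Rule:  # hypothetical model of a rule: conditions plus actions
    name: str
    conditions: list  # predicates on the current operation; all must be met
    actions: list     # callables (op, ctx); an action may return STOP


def veto(op, ctx):
    ctx.vetoed.append(op)
    return STOP


def trace(message):
    def action(op, ctx):
        ctx.trace.append(f"{message}: {op.get('src-dn')}")
    return action


def add_attr(name, value):
    def action(op, ctx):  # modifies the current operation in place
        attr = ET.SubElement(op, "add-attr", {"attr-name": name})
        ET.SubElement(attr, "value").text = value
    return action


def lacks_attr(name):
    return lambda op: all(a.get("attr-name") != name for a in op.findall("add-attr"))


def apply_policy(xds_text, rules):
    root = ET.fromstring(xds_text)
    ctx = Context()
    container = root.find("input")
    if container is None:
        container = root.find("output")
    if container is None:
        return root, ctx
    for op in list(container):  # each child becomes the current operation in turn
        for rule in rules:      # rules are applied sequentially
            if not all(cond(op) for cond in rule.conditions):
                continue
            ctx.fired.append((op.get("src-dn"), rule.name))
            # any() stops at the first STOP, so later actions and rules are skipped
            if any(action(op, ctx) is STOP for action in rule.actions):
                break
    for op in ctx.vetoed:
        container.remove(op)
    return root, ctx


POLICY = [
    Rule("veto-deletes", [lambda op: op.tag == "delete"], [trace("delete blocked"), veto]),
    Rule("veto-non-user", [lambda op: op.get("class-name") != "User"], [veto]),
    Rule("default-description", [lambda op: op.tag == "add", lacks_attr("Description")],
         [add_attr("Description", "Provisioned by policy")]),
    Rule("trace-accepted", [], [trace("accepted")]),  # no conditions: always applies
]

if __name__ == "__main__":
    result, context = apply_policy(SAMPLE_XDS, POLICY)
    print(ET.tostring(result, encoding="unicode"))
    print(context.fired, context.trace, sep="\n")
```

The `fired` list shows that the vetoed operations never reach `trace-accepted`, and the `trace` list holds output that does not appear in the result document.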

2 Using the Pre-Identity Manager 3.5 Policy Builder

Designer contains two Policy Builders: the pre-Identity Manager 3.5 Policy Builder and the Identity Manager 3.5 and Newer Policy Builder. The Policy Builders are similar except for the following:
You can enable and disable trace only at the driver level in the pre-Identity Manager 3.5 Policy Builder.
The DirXML® Script elements are different between the two builders.
These differences require two Policy Builders. For information on how to use both Policy Builders, see Chapter 3, “Managing Policies with the Policy Builder,” on page 21, which documents the Identity Manager 3.5 and Newer Policy Builder. The only difference is an additional icon that enables and disables tracing on rules, actions, conditions, and tokens.
For a list of the DirXML Script elements for the pre-Identity Manager 3.5 Policy Builder:
Chapter 17, “Pre-Identity Manager 3.5 Conditions,” on page 391
Chapter 18, “Pre-Identity Manager 3.5 Actions,” on page 419
Chapter 19, “Pre-Identity Manager 3.5 Noun Tokens,” on page 475
Chapter 20, “Pre-Identity Manager 3.5 Verb Tokens,” on page 501
For a list of the DirXML Script elements for the Identity Manager 3.5 and Newer Policy Builder:
Chapter 12, “Conditions,” on page 189
Chapter 13, “Actions,” on page 233
Chapter 14, “Noun Tokens,” on page 313
Chapter 15, “Verb Tokens,” on page 353

3 Managing Policies with the Policy Builder

The Policy Builder is a complete graphical interface for creating and managing the policies that define the exchange of data between connected systems.
Section 3.1, “Accessing the Policy Builder,” on page 21
Section 3.2, “Using the Policy Builder,” on page 23
Section 3.3, “Creating a Policy,” on page 24
Section 3.4, “Creating a Rule,” on page 28
Section 3.5, “Creating an Argument,” on page 33
Section 3.6, “Variable Selector,” on page 35
Section 3.7, “Editing a Policy,” on page 39
Section 3.8, “Viewing the Policy in XML,” on page 42

3.1 Accessing the Policy Builder

There are two different Policy Builders included in Designer 3.0: one that works with the new policy features for Identity Manager 3.5 and newer, and an older one that does not support these features. The Policy Builder version is determined by the version of Identity Manager. To set the version of Identity Manager:
1 Open a project in Designer.
2 Click the Outline tab, then select the Show Model Outline icon.
3 Right-click the server object, then click Properties.
4 Select the appropriate Identity Manager Version.
When the Identity Manager version is set to 3.5 or newer, the new Policy Builder is available. If the version is set to anything other than 3.5, the old Policy Builder is available.
The Policy Builder can be accessed from the Model Outline view, from the Policy Flow view, or from a policy set.
Section 3.1.1, “Model Outline View,” on page 21
Section 3.1.2, “Policy Flow View,” on page 22
Section 3.1.3, “Policy Set,” on page 22

3.1.1 Model Outline View

1 Open a project in Designer.
2 Click the Outline view, then select the Show Model Outline icon.
3 Double-click a policy listed in the Model Outline view or right-click and select Edit.


3.1.2 Policy Flow View

1 Open a project in Designer.
2 Select the Outline tab, then select the Show Policy Flow icon.
3 Double-click a policy in the Policy Flow view.
You can also right-click in the Policy Flow view, select Edit Policy, then select the policy you want to edit.

3.1.3 Policy Set

1 Open a project in Designer.
2 Click the Outline view, then select the Show Model Outline icon.
3 Select the policy in the policy set, then click Edit the policy.
You can also right-click the policy in the policy set, then click Edit.
To see all of the information in the Policy Builder window without scrolling, double-click the policy tab so the Policy Builder fills the entire window. To minimize the window, double-click the policy tab.
Figure 3-1 Policy Builder Full Screen
For information on using the Policy Builder, see Section 3.2, “Using the Policy Builder,” on
page 23.

3.2 Using the Policy Builder

The Policy Builder enables you to add, view, and delete the rules that make up a policy. You can also use it to import and save policies and rules, and manage XML namespaces. The Policy Builder contains the “Action Builder” on page 45 and the “Condition Builder” on page 52.
The following tips describe how to perform some common Policy Builder tasks:
Table 3-1 Common Policy Builder Tasks

| Tasks | Description |
| --- | --- |
| Disable | Disables a policy, rule, condition, or action. |
| Enable | Enables a policy, rule, condition, or action. |
| Disable Trace | Disables tracing on a rule, condition, or action. |
| Enable Trace | Enables tracing on a rule, condition, or action. |
| in the tool bar | Enables DirXML Script tracing on the policy. |
| Edit | Edits the name of a rule or edits the description of a rule. |
| Delete | Deletes a rule or a policy. |
| Browse | Browses a list of values to use when populating a field. |
| Add a rule | Adds a new rule or a predefined rule. |
| Import | Imports a policy from a file. |
| Save to File | Saves a policy to a file. |
| Deploy | Deploys a policy to the Identity Vault. |
| Compare | Compares the policy in the Policy Builder to an existing policy in the Identity Vault. |
| Policy Simulator | Launches the Policy Simulator and tests the policies in the Policy Builder. |
| Edit Namespace | Adds multiple XML namespaces to the rule or policy. |
| XPath Builder | Launches the XPath Builder to create XPath expressions. |
| Expand | Expands all of the rules in a policy. |
| Collapse | Collapses all of the rules in a policy. |
| Move up | Moves a rule up in the policy. |
| Move down | Moves a rule down in the policy. |
| Save | Click the save icon in the tool bar, click File > Save, or press Ctrl+S to save your work. |
| Policy Description | Adds a comment to a policy or rule. Comments are stored directly in the policy or rule, and can be as long as necessary. |

3.3 Creating a Policy

A policy sends data to the connected systems. A policy is created through the policy set.
Section 3.3.1, “Accessing the Policy Set,” on page 24
Section 3.3.2, “Using the Policy Set,” on page 25
Section 3.3.3, “Using the Add Policy Wizard,” on page 26

3.3.1 Accessing the Policy Set

1 Select a driver object from the Outline view in an open project.
2 Select the Policy Set tab.

3.3.2 Using the Policy Set

The policy set contains a toolbar and a list of policies.
The policy list displays all the policies contained in the selected policy set. During a transformation, the policies within the list are executed from top to bottom. The toolbar contains buttons and a drop-down menu that you can use to manage policies displayed in the list, including editing, adding, deleting, renaming, and changing the processing order of the policies.
Policy Set Toolbar
The policy set displays a copy of the policy. The buttons on the toolbar are enabled or disabled depending upon the item you have selected. The different icons are described below.
Table 3-2 Policy Set Toolbar

| Operation | Description |
| --- | --- |
| Edit the policy | Launches the Policy Builder. |
| Create or add a new policy to the Policy Set | Launches the Add Policy Wizard. |
| Remove and delete the selected policy | Deletes the policy from the project. |
| Remove the selected policy from the Policy Set, but do not delete it | Removes the policy from the selected policy set object but doesn’t delete the policy. |
| Move the policy up the policy chain | Moves the policy up in the processing order. |
| Move the policy down the policy chain | Moves the policy down in the processing order. |
Keyboard Support
You can move through the policy set with keystrokes as well as using the mouse. The supported keystrokes are listed below.
Table 3-3 Keyboard Support

| Keystroke | Description |
| --- | --- |
| Up-arrow | Moves the selected policy up in the processing order. |
| Down-arrow | Moves the selected policy down in the processing order. |
| Delete | Deletes the policy from the project. |
| Minus | Removes the policy from the selected policy set, but does not delete it. |
| Plus | Launches the Add Policy Wizard. |
| Ctrl+Z | Undoes the last operation. |
| Ctrl+Y | Redoes the last operation. |

3.3.3 Using the Add Policy Wizard

The Add Policy Wizard launches when you click the Create or add a new policy to the Policy Set icon in the toolbar. The Add Policy Wizard enables you to do the following:
“Creating a Policy” on page 26
“Copying a Policy” on page 27
“Linking to a Policy” on page 28
To launch the Add Policy Wizard:
1 Select a driver in the Outline view.
2 Select a policy set item in the policy set, then click Create or add a new policy to the Policy Set.
Creating a Policy
1 In the Add Policy Wizard, select Create a new policy, then click Next.
You can also add a policy by right-clicking a policy set in the Policy Flow view, selecting Add Policy, then selecting how to create the policy:
DirXML Script
XSLT
Link To Existing
Copy Existing
Schema Map (displayed only if the Schema Map policy set is selected)
2 In the Create Policy dialog box, specify a policy name, then click Next.
Select Open Editor after creating object to automatically launch the Policy Builder after creating the new policy.
Accept the default container, or browse to and select the Driver, Publisher, or Subscriber object where you want the policy to be created.
If a policy is not reused by multiple drivers, you typically create that policy under the driver or channel that is using it.
This decision depends on how you want to organize the policies. By default, policies are placed under the container object that is selected in the Outline tab when the Add Policy Wizard is launched.
For example, if you move to a Publisher object in the Outline tab and then add a policy to a policy set, the policy defaults to the Publisher container.
You can change this setting if you want to create policies in a different container. For example, you can set up a policy library, put all of the common policies under this driver, and then simply reference the policies from the other drivers. That way, the policy is common. If you need to change a policy, you need to do it only once.
3 In the Select Type dialog box, select the type of policy you want to implement, then click Finish.
The policy type defaults to DirXML Script. You can select XSLT if you don’t want to use DirXML® Script.
If you create a Schema Map policy set, an additional option is available for Schema Map.
The new policy appears in the expanded policy set.
Copying a Policy
1 In the Add Policy Wizard, select Copy a policy, then click Next.
2 In the Create Policy dialog box, provide the necessary policy information, then click OK.
Specify a name for the new policy
Accept the default container, or browse to and select the Driver, Publisher, or Subscriber
object where you want the policy to be created.
Browse to and select the policy you want to copy, then click Finish.
Linking to a Policy
1 In the Add Policy Wizard, select Link a policy, then click Next.
2 In the Link Policy dialog box, click Browse to launch the model browser.
3 Browse to and select the Policy object you want to link into the policy set, then click OK.
Linking a policy into a policy set doesn’t create a new Policy object. Instead, it adds a reference to an existing policy. This reference can be to any existing policy within the current Identity Vault. It doesn’t need to be contained within the current Driver object, but the policy type must be valid for the policy set that it is being linked to. For example, you can’t link a Schema Map policy into an Input policy set.
Linking a policy into a policy set is not permitted when viewing all policies.
4 Click Finish to link to the selected policy.

3.4 Creating a Rule

A rule is a set of conditions that must be met before a defined action occurs. Rules are created from condition groups, conditions, and actions.
Rules can be created in four different ways:
Section 3.4.1, “Creating a New Rule,” on page 29
Section 3.4.2, “Using Predefined Rules,” on page 31
Section 3.4.3, “Including an Existing Rule,” on page 32
Section 3.4.4, “Importing a Policy From an XML File,” on page 32

3.4.1 Creating a New Rule

When you create a rule, you create condition groups, conditions, and actions. Each rule is composed of conditions, actions, and arguments. For more information, click the Help icon when creating each item. The help files contain a definition and an example of the item being used.
“Creating a Rule” on page 29
“Creating a Conditional Group” on page 30
“Creating a Condition” on page 30
“Creating an Action” on page 31
Creating a Rule
Policy Builder includes a wizard to step you through the process of creating a rule.
NOTE: On any of the wizard dialog boxes, you can click Finish to exit the wizard and create a rule with the details you have specified to that point.
1 In the Policy Builder toolbar, click Rule.
2 In the Name and Describe Rule dialog box, specify the name of the rule, then click Next.
3 In the Select the Condition Structure dialog box, select the rule’s condition structure, then click
Next.
You can choose OR Conditions, AND Groups or AND Conditions, OR Groups.
4 In the Define the Condition dialog box, select the condition you want, specify the appropriate
information, then click Next.
The icons next to the Name field let you browse the Identity Vault schema, the connected application schema, or use the Variable Selector to select the appropriate information.
5 In the Continue Defining Conditions dialog box, select the appropriate option, then click Next.
If desired, you can define additional conditions or condition groups before proceeding. For this example, there is only one condition.
6 In the Define the Action dialog box, select the action that you want, then click Next.
7 In the Continue Defining Actions dialog box, select the appropriate option, then click Next.
If desired, you can define additional actions before proceeding. For this example, there is only one action.
8 In the Summary page, click Finish to create the rule.
You can expand or collapse the view of the rule by clicking the plus or minus sign.
Creating a Conditional Group
1 In the Policy Builder, right-click the Conditions tab, then click Append Condition Group.
You can also right-click the name of the Condition Group, then click New > Insert Condition Group Before or Insert Condition Group After.
Change the condition for the Condition Groups by clicking the And/Or icon.
Creating a Condition
1 Right-click the condition, then click New > Insert Condition Before or Insert Condition After.