Layer7 Identity Management

Expand all | Collapse all

Policy Express Logic

Jump to Best Answer
  • 1.  Policy Express Logic

    Posted 07-19-2016 07:31 AM

    Hi Friends,

    Am trying to create a Policy Express,where it needs to be triggered based on a User attribute value and an access Role assigned.Since we have more than 100 different values to the attribute,i need to restrict the Policy Express to 40 different User attribute values.Since the Values are numbers ,i wouldn't be able to put a wildcard.

     

    Currently,i have created Entry Rule,wherein the condition is,if  Access Role = X then the Action Takes place.But this is generating a Failed Events,for the UserAtrribute values outside the 40 Values,because the Action is based on the Values.

     

    Am just wondering,if there is option in Entry Rule Condition ->Value,where i can specify 40 values like

    Condition : Userattribute Equals "123","543","456" and so on .But i tried this its not working,Is there any Regular expression it supports under Value.

    Thanks,

    Antony



  • 2.  Re: Policy Express Logic
    Best Answer

    Posted 07-20-2016 10:41 AM

    Hi Anthony,

    What you can do is:

    1 - set constant that contains the list of numeric value you need:

    ",120,88,098,18737,3,89,"

    2 - Make sure you have comma(,) at the beginning and the end

    3 - Us string function - Index Of:

         string to search in - the constant you created

         String to search for = ,{'Value'},

    4 - Entry rule will be (Index Of > -1) or (Index Of not equals -1)

    Hope it helps.

    Chen Rayman



  • 3.  Re: Policy Express Logic

    Posted 07-20-2016 07:51 PM

    Hi Chen,

    Thanks for the response,but am not clear on the below steps,is there a guide on how to update this,

     

     

    3 - Us string function - Index Of:

         string to search in - the constant you created

         String to search for = ,{'Value'},

    4 - Entry rule will be (Index Of > -1) or (Index Of not equals -1)



  • 4.  Re: Policy Express Logic

    Posted 07-20-2016 08:52 PM
      |   view attached

    Excellent Chen!

     

    Antony,

     

    I am attaching a sample PX to demonstrate what Chen suggested. You can import it in your environment. Before importing this PX in your environment, please create a task called "Create User 6" which has an attribute "Title" present on the screen.

     

    When you populate the values 123 or 543 or 456 in the Title and submit the task, you'll get a message on screen that the value exists in the list of values. If you populate any other value, the message will let you know that the value is not in the set of values.

     

    Hope this helps.

     

    Regards,
    Piyush.

     

    Attachment(s)

    zip
    PX.xml.zip   1K 1 version


  • 5.  Re: Policy Express Logic

    Posted 07-21-2016 02:42 AM

    Thanks a lot to all,I tried the solution suggested by Chen and it is working fine