|
|
|
To create a policy with Policy Xpress, define the four basic elements of a policy.
Defines when a policy should be run. Business logic must run at specific times to prevent data corruption and to increase performance. For example, setting a user as enabled should occur when the user is created. Running this logic at all times may cause users who should be disabled to become enabled again. Another example is giving the user a provisioning role that grants access to a certain system. This role should only be assigned to the user after a different role has been assigned and approved. Policy Xpress allows for the activation of its business logic during event and BLTH processing, much like custom adapters. Therefore, unlike identity policies, the logic can be triggered at any time, and not only at the beginning of a task.
Specifies the data used by the policy. Every type of business logic requires some data to work with. That data may be used to make decisions or it may be used to construct more complex data. Policy Xpress provides many individual components to gather data. These components are referred to as Data Elements. An example of a data element is a user's attribute value. For example, Policy Xpress can gather the user's first name and store it as a data element for later use.
Defines the rules of the policy. The core of any business logic is rules. Business logic provides the ability to decide what to do, based on information available. Using the information gathered at the data gathering phase, Policy Xpress has two types of rules:
Defines the requirements met before execution. These rules allow the policy to be simple and more effective at the same time. An example of an entry rule is to run a 'Set Full Name' policy only if the first name or the last name has changed.
Defines the action taken based on the information gathered. For example, based on a user's department name we can assign the user to different roles or different account values.
Specifies the action to perform. At the end of the process, Policy Xpress performs the actions needed by the business logic. Policy Xpress works by having an action rule attached to multiple actions, so when the rule is met, the actions are performed. Actions can vary from the assignment of attribute values on a user or in an account, to executing a command line, running a SQL command, or generating a new event.