- actions
actions that are performed by a <rule>
- and
logical conjunction
- arg-actions
actions argument
- arg-association
association argument
- arg-component
component argument
- arg-conditions
conditions argument
- arg-dn
DN argument
- arg-match-attr
match attribute argument
- arg-node-set
node set argument
- arg-object
Java Object argument
- arg-password
password argument
- arg-string
string argument
- arg-value
value argument
- comment
-
- component
value component
- conditions
conditions under which the actions of a
<rule> are performed
- description
description of a <policy> or a <rule>
- do-add-association
associate the current object
- do-add-dest-attr-value
add a value to an attribute in the destination
datastore
- do-add-dest-object
add an object in the destination datastore
- do-add-resource
request the assignment of a Resource to an Identity
- do-add-role
request the assignment of a Role to an Identity
- do-add-src-attr-value
add a value to an attribute in the source datastore
- do-add-src-object
add an object in the source datastore
- do-append-xml-element
append a custom XML element to existing elements
- do-append-xml-text
append custom XML text to existing elements
- do-break
stop processing the current operation with this
policy
- do-clear-dest-attr-value
clear all values of an attribute in the destination
datastore
- do-clear-op-property
clear an operation property
- do-clear-src-attr-value
clear all values of an attribute in the source
datastore
- do-clear-sso-credential
clear a credential in an SSO credential store
- do-clone-op-attr
apply all operations on an attribute in the current
operation to a different attribute
- do-clone-xpath
clone and append set of nodes to existing elements
- do-delete-dest-object
delete an object in the destination datastore
- do-delete-src-object
delete an object in the source datastore
- do-find-matching-object
automatically associate the current object
- do-for-each
repeat actions for each node in a node-set
- do-generate-event
generate an user defined event
- do-if
conditionally perform actions
- do-implement-entitlement
implement an entitlement
- do-move-dest-object
move an object in the destination datastore
- do-move-src-object
move an object in the source datastore
- do-reformat-op-attr
change the format of all values of a particular
attribute in the current operation
- do-remove-association
disassociate an application object
- do-remove-dest-attr-value
remove a value from an attribute in the destination
datastore
- do-remove-resource
request the revocation of a Resource for an Identity
- do-remove-role
request the revocation of a Role from an Identity
- do-remove-src-attr-value
remove a value from an attribute in the source
datastore
- do-rename-dest-object
rename an object in the destination datastore
- do-rename-op-attr
change an attribute name for all operations on that
attribute in the current operation
- do-rename-src-object
rename an object in the source datastore
- do-send-email
generate an email notification
- do-send-email-from-template
generate an email notification using SMTP
configuration and email template objects
- do-set-default-attr-value
set the default value for an attribute to be
created in the destination datastore
- do-set-dest-attr-value
set the value of an attribute in the destination
datastore
- do-set-dest-password
set the password for an object in the destination
datastore
- do-set-local-variable
set the value of a local variable
- do-set-op-association
set that association value for the current
operation
- do-set-op-class-name
set the object class name for the current operation
- do-set-op-dest-dn
set the destination DN for the current operation
- do-set-op-property
set an operation property
- do-set-op-src-dn
set the source DN for the current operation
- do-set-op-template-dn
set the template DN for the current add operation
- do-set-src-attr-value
set the value of an attribute in the source
datastore
- do-set-src-password
set the password for an object in the source
datastore
- do-set-sso-credential
set a credential in an SSO credential store
- do-set-sso-passphrase
set a passphrase in an SSO credential store
- do-set-xml-attr
set custom XML attribute on existing elements
- do-start-workflow
start a workflow
- do-status
report status
- do-strip-op-attr
strip an attribute from the current operation
- do-strip-xpath
strip arbitrary data from the current operation
- do-trace-message
emit trace message
- do-veto
veto the current operation
- do-veto-if-op-attr-not-available
veto the current operation if a particular
attribute is not available in the operation
- do-while
repeat actions while a conditions are true
- if-association
test association
- if-attr
test an attribute in the current operation or
current object in the source datastore
- if-class-name
test the object class of the current operation
- if-dest-attr
test an attributeof the current object in the
destination datastore
- if-dest-dn
test the destination DN of the current operation
- if-entitlement
test an entitlement of the current object
- if-global-variable
test a global variable
- if-local-variable
test a local variable
- if-named-password
test a named password
- if-op-attr
test an attribute in the current operation
- if-op-property
test an operation property
- if-operation
test the name of the current operation
- if-password
test the password of the current operation
- if-src-attr
test an attributeof current object in the source
datastore
- if-src-dn
test the source DN of the current operation
- if-xml-attr
test an XML attribute of the current operation
- if-xpath
test an xpath expression
- include
include rules from another policy
- or
logical disjunction
- policy
a policy
- rule
rule within a policy
- token-added-entitlement
the value(s) of an entitlement granted in the
current operation
- token-association
the association value from the current operation
- token-attr
the value(s) of an attribute in the current
operation or current object in the source datastore
- token-base64-decode
decode base64 data into a string
- token-base64-encode
encode a string into base64 data
- token-char
a unicode character
- token-class-name
the object class name from the current operation
- token-convert-time
convert a date/time from one format to another
- token-dest-attr
the value(s) of an attribute of current object in
the destination datastore
- token-dest-dn
a value derived from the destination DN from the
current operation
- token-dest-name
the unqualified RDN derived from destination DN
from the current operation
- token-document
read an XML document
- token-entitlement
the value(s) of a granted entitlement of the
current object
- token-escape-for-dest-dn
convert a string for use in a destination DN
- token-escape-for-src-dn
convert a string for use in a source DN
- token-generate-password
generate a random password
- token-global-variable
the value of a global variable
- token-join
join a node-set into a string
- token-local-variable
the value of a local variable
- token-lower-case
convert a string to lower case
- token-map
map a string through a mapping table
- token-named-password
the value of the named password
- token-op-attr
the value(s) of an attribute in the current
operation
- token-op-property
the value of an operation property
- token-operation
the name of the current operation
- token-parse-dn
parse and/or convert a DN
- token-password
the value of the password in current operation
- token-query
query the source or destination datastore
- token-removed-attr
the value(s) of an attribute removed in the current
operation
- token-removed-entitlement
the value(s) of an entitlement revoked in the
current operation
- token-replace-all
replace all instances of a substring within a
string
- token-replace-first
replace a single instance of a substring within a
string
- token-resolve
resolve a DN to an association key or an
association key to a DN.
- token-split
split a string into a node-set
- token-src-attr
the value(s) of an attribute of current object in
the source datastore
- token-src-dn
a value derived from the source DN from the current
operation
- token-src-name
the unqualified RDN derived from source DN from the
current operation
- token-substring
substring of a string
- token-text
constant text
- token-time
the current date/time
- token-unique-name
a generated unique name
- token-unmatched-src-dn
a DN relative to the one matched by if-src-dn
- token-upper-case
convert a string to upper case
- token-xml-parse
parse XML
- token-xml-serialize
serialize XML
- token-xpath
the result of an XPATH expression