The next Identity Manager (TNIDM) contains some new flow control actions that really simplify some tasks within Policy Builder and help to make the implementation of business logic a little more natural.
In prior versions of IDM, conditional behavior was restricted to selecting rules to process. In TNIDM, there is now a new If action that gives you if-then-else style flow control within the actions of a single rule. The If action contains a set of conditions and two sets of actions (then and else). If actions can be imbedded within other If actions and within looping constructs.
In prior versions of IDM, the only looping construct was the For Each action, which limited looping to iterating a set of items. This made it difficult or impossible to do some kinds of processing that required looping until a particular condition was met. TNIDM introduces a While action that allow for such looping. One possible use of the While action is to be able to roll-your-own unique name generation when the Unique Name token just doesn’t quite do what you need it to (for example, when you need to be able to verify uniqueness in more than one context).
TNIDM also contains two new twists on what you can do with local variables. The first of these is the introduction of driver-scoped local variables. These are variables whose values are available from within any policy within the context of a running driver. Driver-scoped local variables provide an additional method of communicating information to downstream policies and maintaining state information across policy invocations.
The other new twist with local variables is the ability to use variable expansion within fields that were previously completely static. For example, in prior versions of IDM, in order to compare a local variable to anything but static text you had to use the XPath condition – which to some is difficult to use, and is more limiting in the types of comparisons that it can perform. With variable expansion you can compare anything against a variable by using the corresponding condition and use variable expansion in the static text field. Variable expansion is done using $variable-name$ to reference the variable and can be used in pretty much every place you can enter text within policy builder (except for XPath expressions, where variable references were already supported).
Up next: A whole bunch of new tokens
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.