actions

The <actions> that are performed when <conditions> of the enclosing <rule> are met. All individual actions are represented by an element of the form <do-*>.

Most actions take arguments that further describe the action to be taken. Arguments that take a fixed string that will never change at run-time are represented by attributes on the action element. Arguments that can be re-evaluated at run-time are represented by child elements of the form <arg-*>. The content of most (exceptions noted on the documentation for the individual arguments) of these arguments consists of a set of tokens represented by elements of the form <token-*>. The individual tokens are expanded at run-time based on the rule evaluation context and the results of the expansion of are concatenated together to form the actual argument.

NOTE: For the tokens that support regular expression, Identity Manager evaluates the following special characters in the regular expression context:
\ $ ^.? * + [ ] ( ) |

To use these characters as literals in a regular expression, escape the character with a backslash (“\”).

Example

See <policy>.

1. Allowed Content

do-add-association
associate the current object
do-add-dest-attr-value
add a value to an attribute in the destination datastore
do-add-dest-object
add an object in the destination datastore
do-add-src-attr-value
add a value to an attribute in the source datastore
do-add-src-object
add an object in the source datastore
do-add-role
request the assignment of a Role to an Identity
do-add-resource
request the assignment of a Resource to an Identity
do-append-xml-element
append a custom XML element to existing elements
do-append-xml-text
append custom XML text to existing elements
do-break
stop processing the current operation with this policy
do-clear-dest-attr-value
clear all values of an attribute in the destination datastore
do-clear-op-property
clear an operation property
do-clear-src-attr-value
clear all values of an attribute in the source datastore
do-clear-sso-credential
clear a credential in an SSO credential store
do-clone-op-attr
apply all operations on an attribute in the current operation to a different attribute
do-clone-xpath
clone and append set of nodes to existing elements
do-create-resource
create a resource
do-create-role
create a role
do-delete-dest-object
delete an object in the destination datastore
do-delete-src-object
delete an object in the source datastore
do-delete-resource
delete a resource
do-delete-role
delete a role
do-find-matching-object
automatically associate the current object
do-for-each
repeat actions for each node in a node-set
do-generate-event
generate an user defined event
do-generate-xdas-event
generate an xdas event
do-if
conditionally perform actions
do-implement-entitlement
implement an entitlement
do-invoke-rest-endpoint
Invoke a REST Endpoint
do-modify-resource
modify a resource
do-modify-role
modify a role
do-move-dest-object
move an object in the destination datastore
do-move-src-object
move an object in the source datastore
do-reformat-op-attr
change the format of all values of a particular attribute in the current operation
do-remove-association
disassociate an application object
do-remove-dest-attr-value
remove a value from an attribute in the destination datastore
do-remove-named-password
Remove a Named Password
do-remove-role
request the revocation of a Role from an Identity
do-remove-resource
request the revocation of a Resource for an Identity
do-remove-src-attr-value
remove a value from an attribute in the source datastore
do-rename-dest-object
rename an object in the destination datastore
do-rename-op-attr
change an attribute name for all operations on that attribute in the current operation
do-rename-src-object
rename an object in the source datastore
do-send-email
generate an email notification
do-send-email-from-template
generate an email notification using SMTP configuration and email template objects
do-set-default-attr-value
set the default value for an attribute to be created in the destination datastore
do-set-dest-attr-value
set the value of an attribute in the destination datastore
do-set-dest-password
set the password for an object in the destination datastore
do-set-local-variable
set the value of a local variable
do-set-named-password
Set/Create a Named Password
do-set-op-association
set that association value for the current operation
do-set-op-class-name
set the object class name for the current operation
do-set-op-dest-dn
set the destination DN for the current operation
do-set-op-property
set an operation property
do-set-op-src-dn
set the source DN for the current operation
do-set-op-template-dn
set the template DN for the current add operation
do-set-src-attr-value
set the value of an attribute in the source datastore
do-set-src-password
set the password for an object in the source datastore
do-set-sso-credential
set a credential in an SSO credential store
do-set-sso-passphrase
set a passphrase in an SSO credential store
do-set-xml-attr
set custom XML attribute on existing elements
do-start-workflow
start a workflow
do-status
report status
do-strip-op-attr
strip an attribute from the current operation
do-strip-xpath
strip arbitrary data from the current operation
do-trace-message
emit trace message
do-veto
veto the current operation
do-veto-if-op-attr-not-available
veto the current operation if a particular attribute is not available in the operation
do-while
repeat actions while a conditions are true

2. No Attributes

3. Content Rule

( do-add-association | do-add-dest-attr-value | do-add-dest-object | do-add-src-attr-value | do-add-src-object | do-add-role | do-add-resource | do-append-xml-element | do-append-xml-text | do-break | do-clear-dest-attr-value | do-clear-op-property | do-clear-src-attr-value | do-clear-sso-credential | do-clone-op-attr | do-clone-xpath | do-create-resource | do-create-role | do-delete-dest-object | do-delete-src-object | do-delete-resource | do-delete-role | do-find-matching-object | do-for-each | do-generate-event | do-generate-xdas-event | do-if | do-implement-entitlement | do-invoke-rest-endpoint | do-modify-resource | do-modify-role | do-move-dest-object | do-move-src-object | do-reformat-op-attr | do-remove-association | do-remove-dest-attr-value | do-remove-named-password | do-remove-role | do-remove-resource | do-remove-src-attr-value | do-rename-dest-object | do-rename-op-attr | do-rename-src-object | do-send-email | do-send-email-from-template | do-set-default-attr-value | do-set-dest-attr-value | do-set-dest-password | do-set-local-variable | do-set-named-password | do-set-op-association | do-set-op-class-name | do-set-op-dest-dn | do-set-op-property | do-set-op-src-dn | do-set-op-template-dn | do-set-src-attr-value | do-set-src-password | do-set-sso-credential | do-set-sso-passphrase | do-set-xml-attr | do-start-workflow | do-status | do-strip-op-attr | do-strip-xpath | do-trace-message | do-veto | do-veto-if-op-attr-not-available | do-while ) *

4. Parent Elements

rule
  rule within a policy

Top Elements || All Elements || Tree


DirXMLScript DTD