do-add-resource

The <do-add-resource> action initiates a request to the Roles Based Provisioning Module (RBPM) to assign the Resource specified by resource-id to an Identity. The target Identity is specified by either <arg-dn> or <arg-association> if specified or by the current object otherwise. If specified by <arg-dn>, the DN must in LDAP format. The request is made to the RBPM enabled User Application server specified by url using credentials specified by id and <arg-password>. Additional optional arguments to the Resource assignment request may be specified by named <arg-string>'s.

Name Description

description

A description of the reason for the request used for auditing and (if necessary) approval purposes.
Default: Request generated by policy.

There will be one of these two local variables available to the enclosing policy depending on the success or failure of this request.

Example

<do-add-resource
    id="CN=UAAdmin,OU=Sa,O=Data"
	url="http://localhost:8080/IDMProv"
	resource-id="CN=Computer,CN=ResourceDefs,CN=RoleConfig,CN=AppConfig,CN=UserApplication,CN=DriverSet,O=System"
	time-out="30000">
  <arg-password>
    <token-named-password name="resource-admin"/>
  </arg-password>
  <arg-string name="description">
    <token-text>Requested by policy because requireComputer attribute set to true</token-text>
  </arg-string>
</do-add-resource>

1. Allowed Content

arg-password
password argument
arg-dn
DN argument
arg-association
association argument
arg-string
string argument

2. Attributes

AttributeValue(s)Default Value
disabled true   |  false
true if this element is disabled
false
id CDATA
the LDAP format DN of a user authorized to make the request
supports variable expansion
#REQUIRED
notrace true   |  false
false
resource-id CDATA
the LDAP format DN of the Resource to assign
supports variable expansion
#REQUIRED
time-out CDATA
the number of milliseconds to wait to establish a connection to the User Application server before timing out.
supports variable expansion
0
url CDATA
the URL of the User Application server hosting RBPM
supports variable expansion
#REQUIRED

3. Content Rule

( arg-password , ( arg-dn | arg-association ) ? , arg-string * )

4. Parent Elements

actions
  actions that are performed by a <rule>
arg-actions
  actions argument

Top Elements || All Elements || Tree


DirXMLScript DTD