3. Content Rule
( arg-password , arg-string * )
The <do-create-resource> action initiates a request to the Roles Based Provisioning Module (RBPM) to create the Resource specified by resource-name. If entitlement-dn is specified, resource will be created with entitlement, otherwise resource will be created without entitlement. The entitlement-dn must be in LDAP format. If static is set to true, static resource will be created with the value which is provided in entitlement-value. If static is set to false, dynamic resource will created and entitlement-value is not needed. The request is made to the RBPM enabled User Application server specified by url using credentials specified by id and <arg-password>. Additional optional arguments to the Resource creation request may be specified by named <arg-string>'s.
Name Description description
A description of the Resource.
Default: Request generated by policy.display-name
Display Name of the Resource.
Default: Resource Name.entitlement-dn
The entitlement in LDAP format.
static
A boolean value of true if this is a static resource, otherwise false.
Default: trueentitlement-value
The value of the entitlement in JSON format.
Needed only if this is a static resource.
category-key
The Resource Category from one of system, default or both.
owner
The owner of the Resource in LDAP format.
Multiple owners are allowed.
May contain a semi colon(;) separated list of owners.grant-approver
Resource assignment approver in LDAP format.
Multiple approvers are allowed.
May contain a semi colon(;) separated list of approvers which forms serial approval process.grant-quorum
Grant Qourum is the minimum % of approvals required.
revoke-approver
Resource revocation approver in LDAP format. Leave this field empty if it is same as Grant approval
Multiple approvers are allowed.
May contain a semi colon(;) separated list of approvers which forms serial approval process.revoke-quorum
Reovke Qourum is the minimum % of approvals required for the revoke to happen.
allow-override
A boolean value of true if role approval overrides resource approval.
Default: falsemulti-valued
A boolean value of true if this resource can have multiple entitlement values, otherwise false.
Default: falseprd-dn
DN of Provisionig Request Def in LDAP format.
sub-container
LDAP DN of sub container in which resource needs to be created. This is available only while using REST api
locale
Locale used in Resource name
There will be one of these two local variables available to the enclosing policy
depending on the success or failure of this request.
<do-create-resource id="CN=UAAdmin,OU=Sa,O=Data" url="http://localhost:8080/IDMProv" resource-name="Printer" time-out="30000"> <arg-password> <token-named-password name="resource-admin"/> </arg-password> <arg-string name="description"> <token-text>Requested by policy</token-text> </arg-string> <arg-string name="static"> <token-text>true</token-text> </arg-string> <arg-string name="category-key"> <token-text>system;default</token-text> </arg-string> <arg-string name="entitlement-dn"> <token-text>cn=Group,cn=ldapdriver,cn=driverset1,o=system</token-text> </arg-string> <arg-string name="entitlement-value"> <token-text>{"ID":"25713f856ecfb24986ebc35bcd581906","ID2":"CN=Administrators,CN=Builtin,DC=idmseup2,DC=org"}</token-text> </arg-string> <arg-string name="owner"> <token-text xml:space="preserve">cn=admin,ou=sa,o=System;cn=uaadmin,ou=sa,o=data</token-text> </arg-string> <arg-string name="grant-approver"> <token-text xml:space="preserve">cn=manager,ou=Users,o=Data;cn=Director,ou=Users,o=Data</token-text> </arg-string> <arg-string name="grant-quorum"> <token-text>50</token-text> </arg-string> <arg-string name="revoke-approver"> <token-text xml:space="preserve">cn=manager,ou=Users,o=Data;cn=Director,ou=Users,o=Data</token-text> </arg-string> <arg-string name="revoke-quorum"> <token-text>40</token-text> </arg-string> <arg-string name="locale"> <token-text>en</token-text> </arg-string> </do-create-resource>
- arg-password
- password argument
- arg-string
- string argument
Attribute Value(s) Default Value disabled true | false
true if this element is disabledfalse id CDATA
the LDAP format DN of a user authorized to make the request
supports variable expansion#REQUIRED notrace true | false
false osp-clientid CDATA
the client id to authenticate to osp. Applicable only when use-rest is true.
supports variable expansionresource-name CDATA
the Name of the Resource to create
supports variable expansion#REQUIRED time-out CDATA
the number of milliseconds to wait to establish a connection to the User Application server before timing out.
supports variable expansion0 url CDATA
the URL of the User Application server hosting RBPM
supports variable expansion#REQUIRED use-rest true | false
A boolean value of true if REST api has to be used, otherwise false. Default: falsefalse
( arg-password , arg-string * )
- actions
- actions that are performed by a <rule>
- arg-actions
- actions argument
Top Elements || All Elements || Tree