Policies manage the data that is synchronized between the Identity Vault and the remote data store. The policies are stored in policy sets. Identity Manager installs iManager plug-ins that allow you to create and manage policies.
In order to access the objects that are used in policies, see iManager Navigation.
As part of understanding how policies work, it is important to understand their components.
Policies are made up of rules.
A rule is a set of conditions (see Section 9.0, Conditions) that must be met before a defined action (see Section 10.0, Actions) occurs.
Actions can have dynamic arguments that derive from tokens that are expanded at run time.
Tokens are divided into two classifications: nouns and verbs.
Noun tokens (see Section 11.0, Noun Tokens) expand to values that are derived from the current operation, the source or destination data stores, or some external source.
Verb tokens (see Section 12.0, Verb Tokens) modify the concatenated results of other tokens that are subordinate to them.
Regular expressions (see Regular Expressions
in Understanding Policies for Identity Manager 3.6) and XPath 1.0 expressions (see XPath 1.0 Expressions
in Understanding Policies for Identity Manager 3.6) are commonly used in the rules to create the desired results for the policies.
A policy operates on an XDS document and its primary purpose is to examine and modify that document.
An operation is any element in the XDS document that is a child of the input element and the output element. The elements are part of Novell’s nds.dtd; for more information, see NDS DTD
in the Identity Manager 3.6 DTD Reference.
An operation usually represents an event, a command, or a status.
The policy is applied separately to each operation. As the policy is applied to each operation in turn, that operation becomes the current operation. Each rule is applied sequentially to the current operation. All of the rules are applied to the current operation unless an action is executed by a prior rule that causes subsequent rules to no longer be applied.
A policy can also get additional context from outside of the document and cause side effects that are not reflected in the result document.
For more information on policies and policy types, see Understanding Policies for Identity Manager 3.5.1.
The following sections explain how to create and use policies.
This guide also contains a detailed reference section for all of the elements in DirXML® Script. For more information on DirXML Script, see DirXML Script DTD
in Identity Manager 3.6 DTD Reference.