Initiates a request to the Roles Based Provisioning Module (RBPM) to assign the Resource specified by resource-id to an Identity.
The target Identity is specified by <arg-dn> or <arg-association> if either is present; otherwise it is the current object. If specified by <arg-dn>, the DN must be in the LDAP format. The request is made to the RBPM-enabled User Application server specified by url, using the credentials specified by id and <arg-password>. Additional optional arguments to the Resource assignment request can be specified by the following named <arg-string>s.
Name | Description |
---|---|
description | A description of the reason for the request used for auditing and (if necessary) approval purposes. Default: Request generated by policy. |
NOTE: You can specify parameter values for the added resources. You can use the plus sign (+) to insert a new string, or select the String Builder in Policies in Designer 4.0.2.
If any type of error occurs while requesting the resource assignment, the error string is available to the enclosing policy in the local variable named error.do-add-resource. Otherwise that local variable is not available.
```xml
<do-add-resource id="CN=UAAdmin,OU=Sa,O=Data"
                 url="http://localhost:8080/IDMProv"
                 resource-id="CN=Computer,CN=ResourceDefs,CN=RoleConfig,CN=AppConfig,CN=UserApplication,CN=DriverSet,O=System"
                 time-out="5000">
  <arg-password>
    <token-named-password name="resource-admin"/>
  </arg-password>
  <arg-string name="description">
    <token-text>Requested by policy because requireComputer attribute set to true</token-text>
  </arg-string>
</do-add-resource>
```
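A review check for policies that use this action, as an added example that is not part of the product documentation: it flags `<do-add-resource>` actions whose url is not HTTPS, whose `<arg-password>` does not use `<token-named-password>`, or whose policy never references `error.do-add-resource`. The `<policy><rule><actions>` wrapper, the `ua.example.test` host, the finding names, the treatment of `$` as variable expansion, and the literal password appearing as `<token-text>` are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample policy: the page's example action inside a hypothetical
# <policy><rule><actions> wrapper, plus a second action that embeds a
# literal placeholder password instead of a named password.
SAMPLE_POLICY = """\
<policy><rule><actions>
  <do-add-resource id="CN=UAAdmin,OU=Sa,O=Data"
      url="http://localhost:8080/IDMProv"
      resource-id="CN=Computer,CN=ResourceDefs,CN=RoleConfig,CN=AppConfig,CN=UserApplication,CN=DriverSet,O=System"
      time-out="5000">
    <arg-password><token-named-password name="resource-admin"/></arg-password>
  </do-add-resource>
  <do-add-resource id="CN=UAAdmin,OU=Sa,O=Data"
      url="https://ua.example.test/IDMProv" resource-id="CN=Example,O=System">
    <arg-password><token-text>PLACEHOLDER-PASSWORD</token-text></arg-password>
  </do-add-resource>
</actions></rule></policy>
"""

def audit_policy(xml_text):
    """Return (action_index, finding) tuples for every <do-add-resource>."""
    root = ET.fromstring(xml_text)
    findings = []
    # Failures surface only in the local variable error.do-add-resource, so a
    # policy that never references it cannot notice a failed assignment.
    checks_error = any(v == "error.do-add-resource"
                       for el in root.iter() for v in el.attrib.values())
    for idx, action in enumerate(root.iter("do-add-resource")):
        url = action.get("url", "")
        # Assumption: a "$" marks variable expansion, which cannot be judged statically.
        if "$" not in url and urlparse(url).scheme.lower() != "https":
            findings.append((idx, "url-not-https"))
        pw = action.find("arg-password")
        if pw is None:
            findings.append((idx, "missing-arg-password"))
        elif pw.find("token-named-password") is None:
            # Any other token puts the secret itself in the policy XML.
            findings.append((idx, "password-not-named-password"))
        if not checks_error:
            findings.append((idx, "error-variable-never-checked"))
    return findings

if __name__ == "__main__":
    for idx, finding in audit_policy(SAMPLE_POLICY):
        print(f"do-add-resource #{idx}: {finding}")
```

The page's own example is reported for its `http://` url; on a loopback address that is a lower-risk finding than the same setting pointing at a remote User Application server.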
Element | Description |
---|---|
arg-password | Password argument. |
arg-dn | DN argument. |
arg-association | Association argument. |
arg-string | String argument. |
Attribute | Possible Values | Default Value |
---|---|---|
disabled | true \| false. True if this element is disabled. | false |
id | CDATA. The LDAP format DN of a user authorized to make the request. Supports variable expansion. | #REQUIRED |
notrace | true \| false. True if this element should not be traced during execution of the policy. | false |
requester-id | CDATA. The LDAP format DN of a user who makes the request. Supports variable expansion. | #REQUIRED |
resource-id | CDATA. The LDAP format DN of the Resource to assign. Supports variable expansion. | #REQUIRED |
time-out | CDATA. The number of milliseconds you want Identity Manager to try to establish a connection to the User Application server before timing out. Supports variable expansion. | 0 |
url | CDATA. The URL of the User Application server hosting the Roles Based Provisioning Module. Supports variable expansion. | #REQUIRED |
( arg-password, (arg-dn | arg-association ) ? , arg-string * )
Element | Description |
---|---|
 | Actions that are performed by a <rule>. |
 | Association argument. |