You can use the Audit Policy Wizard to create simple rules, or use the Identity Manager IDE or an XML editor to create more powerful rules.
Rules must be of subType SUBTYPE_AUDIT_POLICY_RULE. Rules generated by the Audit Policy Wizard are automatically assigned this subType.
Rules must be of authType AuditPolicyRule. Rules generated by the Audit Policy Wizard are automatically assigned this authType.
Rules created using the Audit Policy Wizard will return a value of true or false. Policy rules that return a value of true result in a policy violation. Using the Identity Manager IDE, however, you can create a rule that will skip a user during an audit scan or access review. Audit policy rules that return a value of ignore will stop rule processing for that user and skip to the next target user.
For information on creating audit policy rules, see Chapter 5, Working with Rules, in Sun Identity Manager Deployment Reference.