Sun Identity Manager Deployment Reference

Using Locked Arguments

Declaring arguments with default values can be a useful technique for simplifying the development and customization of rules. If you have a constant value in a rule that might occasionally change, it is easier to locate and change that value if it is defined in an argument rather than embedded deep within a rule expression.

The Identity Manager IDE provides a simplified user interface for configuring rules. You can change the default values of arguments in the Identity Manager IDE, which is much easier than editing the entire rule expression.

After an argument is declared, it is possible for the caller of the rule to override the default value by passing an explicit argument. However, if you do not want the caller to have any control over the argument value, include a locked attribute with a value of true in the RuleArgument element to lock the argument. For example,

Example 4–26 Locking an Argument

<Rule name=’generateEmail’ localScope=’true’> 
   <RuleArgument name=’firstname’> 
      <Comments>The first name of a user</Comments> 
   <RuleArgument name=’lastname’> 
      <Comments>The last name of a user</Comments> 
   <RuleArgument name=’domain’ value=’’ locked=’true’> 
      <Comments>The corporate domain name</Comments> 

The domain argument is locked in this example, which means the argument value will always be— even if the caller tries passing a value for the argument. If you are going to use this rule at a site where the domain name is not, the administrator only has to edit the rule to change the argument value. The administrator does not have to understand or modify the rule expression.