Sun Identity Manager 8.1 Business Administrator's Guide

Adding Rules

You can create additional rules by importing existing rules or by using the wizard. (See To Select a Rule Typefor more information.)

Click the AND or OR operators to continue adding rules as necessary. To remove a rule, select it and then click Remove.

Policy violations occur only if the Boolean expression of all rules evaluates to true. By grouping rules with AND/OR operators, it is possible for the policy to evaluate to true, even though all rules do not. Identity Manager creates violations only for rules that evaluate to true, and only if the policy expression evaluates to true.

Note –

Identity Manager does not support the control of rule nesting. In addition, using the Audit Policy Wizard to create policies with different Boolean operators between the rules can produce unpredictable results because the order of evaluation is unspecified.

For complex Rule expressions, create the rules using an XML editor instead of using the Audit Policy Wizard. Using an XML editor allows you to negate where necessary to only use a single Boolean operator between rules.