Set up a resource with multiple account types.
<?xml version=’1.0’ encoding=’UTF-8’?> <!DOCTYPE Waveset PUBLIC ’waveset.dtd’ ’waveset.dtd’> <Waveset> <Rule subtype=’IdentityRule’ name=’Administrator Identity’> <concat> <s>adm</s> <ref>attributes.accountId</ref> </concat> </Rule> </Waveset> |
Add a user with two accounts on the resource and set up a user form so that the new resource attributes are directly assigned separately:
account[Simulated Resource].department account[Simulated Resource|admin].department |
Assign different values for each account and test the policy rule.
Location:
sample/rules/SampleAuditorRuleMultipleAccountTypes.xml |