(Optional) Setting Up Entry Membership Rules

This section discusses how to create entry definitions and specify entry membership rules.

Entry membership rules enable you to modify a directory entry, such as a group, based on criteria stored in the PeopleSoft database. This feature provides a method to match any type of directory entry to rules that are meaningful in PeopleSoft applications. You can use membership rules to create any type of logical grouping in the directory. The groupings are not restricted to security purposes.

Page Name

Definition Name

Usage

Entry Definition Page

EO_DSCONTAINERDEFN

Create a directory entry definition.

Entry Membership Rules Page

EO_DSSECRULES

Establish entry membership rules.

Use the Entry Definition page (EO_DSCONTAINERDEFN) to create a directory entry definition.

Image: Entry Definition page

This example illustrates the fields and controls on the Entry Definition page. You can find definitions for the fields and controls later on this page.

Entry Definition page

Use this page to create a directory entry definition.

Field or Control

Definition

Entry Name

Displays the entry name that you entered on the search page. The system uses this value for the entry name throughout the application, so it must be the name of an existing entry in the external directory. The PeopleSoft system assumes that the name is unique in the directory.

Active Flag

Select to activate rules. Rules that are not active do not run.

Directory Search Parameters

Field or Control

Definition

Search Base

Enter the distinguished name of the base under which this entry will be located in the directory. The application performs an LDAP search to retrieve the distinguished name of the entry using this field as the base.

Search Scope

Select from:

Base: The query searches only the value in the Search Base field.

One: The query searches only the entries one level down from the value in the Search Base field.

Sub: The query searches the value in the Search Base field and all entries beneath it.

Build Filter

Field or Control

Definition

( )

Select the check boxes below the parentheses to group expressions. You can group more than one line together using the check box on the left for the first line and the check box on the right for the last line.

Attribute

Enter the name of the attribute that will store the members of the entry in the external directory. It is typically set to member, but the attribute name could be anything that you choose.

Operation

Assign an operator to your rule such as <, <=, <>, =, >, or >=.

Value

Assign a value to the attribute in your rule.

And/Or

To add another line to your rule, select AND or OR depending on your rule logic. Select END to signify the end of the search. Select NONE if you are not using this kind of filter.

Refresh

After you make changes using the Build Filter options, click this button to update the Search Filter edit box to reflect the changes.

Clear LDAP Filter

Click to delete all values from the Search Filter edit box and the Build Filter selections.

Search Filter

Displays the filter that the system applies to the search for the distinguished name of the defined entry. This field typically displays the directory object class of the entry in the form “objectclass = GroupOfUniqueNames”, for example. This indicates what type of entry to search. To retrieve the correct entry distinguished names, the system adds the name of the entry to the search filter at runtime. The name retrieved by the LDAP search using this filter is tied to the rules defined in the Entry Membership Rules page. When these rules run, the employee that the system is currently processing is either added to or deleted from the distinguished name retrieved by the search.

Search Attributes

Field or Control

Definition

Directory Attribute

Select the attribute of the entry being defined that will contain all the members of this entry. This attribute must be valid for the current entry in the directory. The employees that satisfy the entry membership rules of this entry are added under this entry as a new value of this attribute. Because of this, as many attribute values may exist as employees satisfying the entry membership rules. If this field is left blank, the application uses member as a default attribute name.

Trigger Message Names

Field or Control

Definition

Map Names

Select the names of the maps to associate with the entry definition. Besides being a security feature, this also improves performance at runtime, because only applicable rules are evaluated.

Note: Run the directory audit if an entry rule has changed or if you want to initialize the directory entries.

Use the Entry Membership Rules page (EO_DSSECRULES) to establish entry membership rules.

Image: Entry Membership Rules page

This example illustrates the fields and controls on the Entry Membership Rules page. You can find definitions for the fields and controls later on this page.

Entry Membership Rules page

Use this page to establish entry membership rules.

Entry Membership Rules

Field or Control

Definition

Sequence

Displays the sequence of a rule within a rule set. The sequence becomes significant when you enter more than one rule.

NOT

Select to negate the rule that you enter. This is similar to using the symbol ! to reverse the truth value of an operand.

( )

Select the check boxes to add parentheses around your rule. You can group more than one line together using the check box on the left for the first line and the check box on the right for the last line.

Record and Field Name

Enter the name of the PeopleSoft record and field containing the information to be tested.

Operation

Enter the appropriate operator, such as: < , <= , <> , = , > , or >=.

Value

Enter the value on which the employee’s data needs to be tested. This can be any value of the same type as the field used in the rule, such as String, number, date, and so on.

AND/OR

To add another line to your rule, select AND or OR depending on your rule logic. Select END to signify the end of the search. Select NONE if you are not using this kind of filter.

The entry rules are logical expressions that can be either true or false. They are composed of filters on database objects associated by logical operators. Rules have the following form:

[NOT] [ ( ]  Record . Field   operatorConstant [ ) ] [AND/OR]

The symbols between square brackets are optional. The operator can be <, <=, <>, =, >, or >=. A rule set is composed of single rules joined by AND or OR Boolean operators if necessary. The following example shows a series of single rules joined to make one compound rule.

( JOB.LOCATION = ‘KC004’ AND [1]
JOB.COMPRATE > 15000 ) OR [2]
NOT JOB.DEPTID = ‘GBIY004’[3]

Note: No limits are imposed on the number of rules used within a rule set.