Previous Topic: Policy Xpress Overview

Next Topic: Profile


How to Create a Policy

To create a policy with Policy Xpress, define the following basic elements of a policy.

Profile

Defines the policy type and priority, and allows for grouping similar policies for easy management.

Events

Define when a policy runs.

Note: Be sure to set the Events parameter carefully. Business logic must run at specific times to prevent data corruption and to increase performance. For example, setting a user as enabled should occur when the user is created. Running this logic at all times may cause user accounts that should be disabled to become enabled again. Another example is giving the user a provisioning role that grants access to a certain system. This role should only be assigned to the user after a different role has been assigned and approved. Policy Xpress allows for the activation of its business logic during event and Business Logic Task Handler processing, much like custom adapters. Therefore, unlike identity policies, the logic can be triggered at any time, and not only at the beginning of a task.

Data (Data Elements)

Specify the data used by the policy. Every type of business logic requires some data to work with. That data can be used to make decisions or it can be used to construct more complex data. Policy Xpress provides many individual components to gather data. These components are referred to as Data Elements. An example of a data element is a user's attribute value. For example, Policy Xpress can gather the user's first name and store it as a data element for later use.

Entry Rules

Define the requirements that must be met before execution. Defining entry rules allows you to specify when Policy Xpress evaluates policies, which can simplify policies and improve performance. An example of an entry rule is to run a 'Set Full Name' policy only if the first name or the last name has changed.

Action Rules

Define the action taken based on the information gathered. For example, based on a user's department name, Policy Xpress can assign a user to different roles or specify different account values.

Actions

Specify the action to perform. At the end of the process, Policy Xpress performs the actions needed by the business logic. Policy Xpress works by having an action rule attached to multiple actions, so when the rule is met, the actions are performed. Actions can include assigning attribute values to a user or an account, executing a command line, running a SQL command, or generating a new event.