Previous Topic: Members Tab

Next Topic: User Filter Options


Member, Admin, and Owner Rules

Each role includes rules about who can be a member, administrator, or owner of that role. Therefore, a user could be a member of one role, several roles, or no roles.

Member, admin, and owner rules use the conditions in the following table:

Rule Condition

Example

Rule Syntax

The user must match one attribute value.

 

Users where title starts with senior

where <user-filter>

The user must match multiple attribute values.

Users where title=manager and locality=east

where <user-filter>

The user must belong to named organizations.

Users in organization sales and lower

in <org-rule>

The user must belong to organizations that meet a condition specified by attributes on the organization.

Users in organizations where Business Type=gold or platinum

in organizations where <org-filter>

The user must belong to specific organizations and match specific user attributes.

 

Users where title=manager and locality=east and who are in organization sales or marketing

where <user-filter> and who are in <org-rule>

 

The user must belong to a specific group.

Users who are members of 401K group

who are members of group <group>

The user must be a member of a role.

Users who are members of the Help Desk role

 

who are members of <role-rule>

The user must be an administrator of a role.

Users who are administrators of the Sales Manager role

who are administrators of <role-rule>

The user must be an owner of a role.

Users who are owners of the User Manager role

who are owners of <role-rule>

The user must belong to a group which meets a condition specified by attributes on the group.

Users who are members of groups where owner=CIO

who are members of group <group-filter>

 

The user must meet a condition based on an LDAP query.

(Use an LDAP query for situations where a query created in the CA IdentityMinder User Console is insufficient)

user returned by the query ldap_query

Note: Some rules may involve comparing a value to a multi-valued attribute. For the rule to apply, at least one value in a multi-valued attribute must satisfy the rule. For example, if the rule is Attribute A EQUALS 1, and the value of attribute A is 1, 2, 3 for User X, then User X satisfies the criteria.

For a description of the variables used in the Rules Syntax column in this table, see one of the following sections:
User Filter Options
Group Filter Options
Organization Filter Options
Organization Rule Options