UnboundID Identity Broker - Dataview Policy Information Provider

Identity Broker Documentation Index
Configuration Reference Home

Dataview Policy Information Provider

The Dataview Policy Information Provider resolves XACML attributes whose value can be retrieved from a DataView configured on this Identity Broker.

This Policy Information Provider enables policies to be written that access any attribute of an object that is managed through a DataView. The specific object targeted is identified by the XACML request attribute "owner-id" and the attribute of interest is referenced by its URN as defined in the DataView's schema. For example, if using a DataView based on the standard SCIM core schema for users, a user's work email address may be retrieved by creating a XACML Attribute Descriptor with attribute Id "urn:scim:schemas:core:1.0:emails.work".

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The Dataview Policy Information Provider component inherits from the Policy Information Provider

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ description	None
↓ enabled
↓ evaluation-order-index

Basic Properties

description

Description	A description for this Policy Information Provider
Default Value	None
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

enabled

Description	Indicates whether this Policy Information Provider is enabled for use in Identity Broker.
Default Value	None
Allowed Values	true false
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

evaluation-order-index

Description	When multiple Dataview Policy Information Providers are defined for a single Identity Broker, this property determines the evaluation order for determining the correct provider class for a specified XACML attribute. Values of this property must be unique among all Dataview Policy Information Providers defined within Identity Broker but not necessarily contiguous. Dataview Policy Information Providers with a smaller value will be evaluated first to determine if they match a XACML attribute Id. If the inclusion criteria of the Dataview Policy Information Providers are non-overlapping, i.e. no entry will match more than one Dataview Policy Information Provider, then the values for this property are unimportant.
Default Value	5000
Allowed Values	An integer value. Lower limit is 0.
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Policy Information Providers:

dsconfig list-policy-information-providers
     [--property {propertyName}] ...

To view the configuration for an existing Policy Information Provider:

dsconfig get-policy-information-provider-prop
     --provider-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Policy Information Provider:

dsconfig set-policy-information-provider-prop
     --provider-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...