Ping Identity Data Governance Server - Exclude Attributes Policy Obligation

Data Governance Server Documentation Index
Configuration Reference Home

Exclude Attributes Policy Obligation

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

A policy obligation to exclude the specified attributes from a SCIM response.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The Exclude Attributes Policy Obligation component inherits from the Policy Obligation

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ obligation-id	None
↓ evaluation-order-index
↓ attribute-names

Basic Properties

obligation-id (Read-Only)

Description	A unique identifier for the obligation sub-type.
Default Value	exclude-attributes
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

evaluation-order-index (Read-Only)

Description	If multiple Policy Obligations are returned from a single policy request, then this property governs the order in which the Policy Obligations will be processed by the Policy Enforcement Point. Policy Obligations with a smaller value will be evaluated first. If multiple Policy Obligations have the same evaluation-order-index, then their order of evaluation is indeterminate.
Default Value	10
Allowed Values	An integer value. Lower limit is 0.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

attribute-names

Description	A JEXL expression that when evaluated at run time will return a list of attribute names to be excluded from the response. To specify a fixed list of attributes, use a JEXL array literal such as ["attr1", "attr2"]. Extension schema attributes must be fully-qualified, e.g. 'urn:someExtension:someAttribute'. Specifying sub-attributes of complex attributes is not supported.
Default Value	None
Allowed Values	application/jexl
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Policy Obligations:

dsconfig list-policy-obligations
     [--property {propertyName}] ...

To view the configuration for an existing Policy Obligation:

dsconfig get-policy-obligation-prop
     --obligation-name {name}
     --rule-name {name}
     --policy-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Policy Obligation:

dsconfig set-policy-obligation-prop
     --obligation-name {name}
     --rule-name {name}
     --policy-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Exclude Attributes Policy Obligation:

dsconfig create-policy-obligation
     --obligation-name {name}
     --rule-name {name}
     --policy-name {name}
     --type exclude-attributes
     --set attribute-names:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Policy Obligation:

dsconfig delete-policy-obligation
     --obligation-name {name}
     --rule-name {name}
     --policy-name {name}