Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
A Data Governance Server policy rule.
↓Relations from This Component
↓Relations to This Component
↓Properties
↓dsconfig Usage
The following components have a direct composition relation from Policy Rules:
The following components have a direct composition relation to Policy Rules:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ description | None |
| ↓ effect | |
| ↓ condition | |
| ↓ evaluation-order-index |
| Description | A description for this Policy Rule |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the effect of this rule if its condition evaluates to true. |
| Default Value | None |
| Allowed Values | permit - The rule will return a value of permit if its condition is satisfied. deny - The rule will return a value of deny if its condition is satisfied. |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | A boolean JEXL expression that when evaluated determines whether this rule will effect the ultimate policy decision. |
| Default Value | If no condition is specified, the rule's effect is always considered when determining the overall policy decision. This can be useful if the purpose of the rule is only to add obligations or advice. |
| Allowed Values | application/jexl |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | If multiple Policy Rules are defined for a single Policy, and the Policy's combining algorithm is one for which the ordering of Policy Rules is significant, then this property determines the evaluation order of the constituent Policy Rules. Policy Rules with a smaller value will be evaluated first. If multiple rules have the same evaluation-order-index, then their order of evaluation is indeterminate. If the combining algorithm of the containing Policy is one for which order is not important, then the values of this property are not used. |
| Default Value | 10 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Policy Rules:
dsconfig list-policy-rules
[--property {propertyName}] ...
To view the configuration for an existing Policy Rule:
dsconfig get-policy-rule-prop
--rule-name {name}
--policy-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Policy Rule:
dsconfig set-policy-rule-prop
--rule-name {name}
--policy-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Policy Rule:
dsconfig create-policy-rule
--rule-name {name}
--policy-name {name}
--set effect:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Policy Rule:
dsconfig delete-policy-rule
--rule-name {name}
--policy-name {name}