Ping Identity Data Governance Server - Third Party Policy Obligation

Data Governance Server Documentation Index
Configuration Reference Home

Third Party Policy Obligation

Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.

Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.

Third Party Policy Obligation supports Policy Obligation implementations created in third-party code using the Server SDK.

↓Parent Component
↓Properties
↓dsconfig Usage

Parent Component

The Third Party Policy Obligation component inherits from the Policy Obligation

Properties

The properties supported by this managed object are as follows:

Basic Properties:	Advanced Properties:
↓ obligation-id	None
↓ obligation-arguments
↓ evaluation-order-index
↓ extension-class
↓ extension-argument

Basic Properties

obligation-id (Read-Only)

Description	A unique identifier for the obligation sub-type.
Default Value	If no obligation-id is specified, the system will generate an Id based on the managed object name of the obligation sub-type.
Allowed Values	A string
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

obligation-arguments

Description	Contains a list of argument name-value pairs that may be passed into the implementation class of this Third Party Policy Obligation. Arguments specified by this property will be evaluated during policy evaluation and therefore may be computed using information retrieved from the policy request context. Each argument must be given in the form 'name=value'. The value portion of each argument is interpreted as a JEXL expression that when evaluated yields the value to be passed to the Third Party Policy Obligation implementation.
Default Value	If no argument names are specified, no arguments will be passed to the obligation implementation.
Allowed Values	A string
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

evaluation-order-index (Read-Only)

Description	If multiple Policy Obligations are returned from a single policy request, then this property governs the order in which the Policy Obligations will be processed by the Policy Enforcement Point. Policy Obligations with a smaller value will be evaluated first. If multiple Policy Obligations have the same evaluation-order-index, then their order of evaluation is indeterminate.
Default Value	10
Allowed Values	An integer value. Lower limit is 0.
Multi-Valued	No
Required	No
Admin Action Required	None. Modification requires no further action

extension-class (Read-Only)

Description	The fully-qualified name of the Java class providing the logic for the Third Party Policy Obligation.
Default Value	None
Allowed Values	The fully-qualified name of a Java class that extends or implements com.unboundid.directory.sdk.broker.api.PolicyObligation
Multi-Valued	No
Required	Yes
Admin Action Required	None. Modification requires no further action

extension-argument

Description	The set of arguments used to customize the behavior for the Third Party Policy Obligation. Each configuration property should be given in the form 'name=value'.
Default Value	None
Allowed Values	A string
Multi-Valued	Yes
Required	No
Admin Action Required	None. Modification requires no further action

dsconfig Usage

To list the configured Policy Obligations:

dsconfig list-policy-obligations
     [--property {propertyName}] ...

To view the configuration for an existing Policy Obligation:

dsconfig get-policy-obligation-prop
     --obligation-name {name}
     --rule-name {name}
     --policy-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Policy Obligation:

dsconfig set-policy-obligation-prop
     --obligation-name {name}
     --rule-name {name}
     --policy-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Third Party Policy Obligation:

dsconfig create-policy-obligation
     --obligation-name {name}
     --rule-name {name}
     --policy-name {name}
     --type third-party
     --set extension-class:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Policy Obligation:

dsconfig delete-policy-obligation
     --obligation-name {name}
     --rule-name {name}
     --policy-name {name}