Note: this component stores cluster-wide configuration data and is mirrored across all servers in the topology within the the same cluster.
Note: changes to cluster-wide configuration objects are immediately and automatically mirrored across all servers within the same cluster, so offline changes are not supported.
Policy advice that directs the server to process the current SCIM search response using an alternate authorization mode. If this advice is present in a policy decision for a search operation, then SCIM search results will be processed as a group using a single policy operation with the action 'search-results'.
By default, SCIM search responses are authorized by generating multiple policy decision requests with the 'retrieve' action, one for each member of the result set. This default mode enables policy reuse but may result in greater overall policy processing time.
When this advice type is used, the current SCIM search result set will be processed using an alternative authorization mode in which all search results are authorized by a single policy request using the action 'search-results'. The policy request will include an object with a single "Resources" field, which is an array consisting of each matching SCIM resource. Any advices returned in the policy result will then be iteratively applied against each matching SCIM resource, allowing individual search results to be modified or removed.
This advice type does not use a payload.
↓Parent Component
↓Properties
↓dsconfig Usage
The Combine SCIM Search Authorizations Advice component inherits from the Advice
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| ↓ advice-id | None |
| ↓ decision-type | |
| ↓ evaluation-order-index |
| Description | A unique identifier for the advice type. This ID must match the "code" string returned from a policy decision request. |
| Default Value | combine-scim-search-authorizations |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | A value indicating to what type of decisions this advice should be applied. |
| Default Value | PERMIT |
| Allowed Values | PERMIT - Only applied to PERMIT decisions. DENY - Only applied to DENY decisions. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
evaluation-order-index (Read-Only)
| Description | If multiple Advice are returned from a single policy request, then this property governs the order in which the Advice will be processed by the Policy Enforcement Point. Obligatory Advice are processed first. Within the set of obligatory or non-obligatory Advice, those with a smaller evaluation-order-index will be evaluated first. If multiple Advice have the same evaluation-order-index, then their order of evaluation is indeterminate. |
| Default Value | 10 |
| Allowed Values | An integer value. Lower limit is 0. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Advice:
dsconfig list-advice
[--property {propertyName}] ...
To view the configuration for an existing Advice:
dsconfig get-advice-prop
--advice-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Advice:
dsconfig set-advice-prop
--advice-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...