Lifecycle rules management
Lifecycle rules can be used to automate the large number of manual tasks that administrators must perform in response to common recurring events. Such events, for example account inactivity, password expiration, or contract expiration, are driven by business policies. Lifecycle rules can also eliminate the possibility that some policies go unenforced.
Overview
A lifecycle rule has two parts:
- The definition of an event that triggers the rule
- The identification of the lifecycle operation that runs the actions specified in the rule
A lifecycle rule can be one of the following types:
- Global
- Associated with an entity type
- Associated with an entity
For global rules, an event is defined by a time interval, for example once a month or every Monday at 8:00 a.m. Global lifecycle rules are independent of any particular system entity. The lifecycle operations that a global rule invokes must also be global in nature, because no context is available to call an operation that is based on an entity or an entity type.
Entity and entity type rules also have an event with a time interval. However, the goal of these rules is to affect multiple entities at one time.
Matching criteria for events
A separate event is triggered for each lifecycle object. To prevent events from occurring for possibly thousands of objects that might not be related to the rule, matching criteria are available for these events.
Without the matching criteria, every object of the specific entity or entity type has the associated lifecycle operation run on it. With the criteria, only objects that meet the criteria have the operation run on them. The criteria are defined in LDAP filter syntax. The filter identifies any objects that meet the criteria and causes the event to be triggered for only those objects. If no object matches the filter, the event is not triggered. For example, the criteria might be for any accounts where (erAccountStatus=1), which means the accounts are suspended.
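The following added example, which is not code from the product, shows the scoping effect of the matching criteria: it evaluates a filter against a handful of accounts and lists the objects for which the event would fire, which is a useful dry run before a rule is enabled. The account DNs and uid values are constructed, and the evaluator handles only a subset of LDAP filter syntax and assumes case-insensitive value comparison.

```python
# Added illustration: subset of LDAP filter syntax (&, |, !, attr=value, attr=*).
def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids, i = f[i], [], i + 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = f.find(")", i)
        attr, sep, value = f[i:end if end != -1 else len(f)].partition("=")
        if end == -1 or not sep or not attr:
            raise ValueError("expected (attr=value)")
        node, i = ("=", attr.lower(), value), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, attrs):
    # Evaluate a parsed filter against one object's attributes.
    if node[0] in ("&", "|"):
        combine = all if node[0] == "&" else any
        return combine(matches(k, attrs) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], attrs)
    values = attrs.get(node[1], [])
    if node[2] == "*":                      # presence test
        return bool(values)
    return node[2].lower() in (v.lower() for v in values)  # assumed caseIgnore

def triggered(objects, criteria=None):
    """Return the DNs of the objects for which the rule's event would fire."""
    if criteria is None:                    # no matching criteria: every object
        return [dn for dn, _ in objects]
    node, end = parse(criteria)
    if end != len(criteria):
        raise ValueError("trailing characters after filter")
    return [dn for dn, attrs in objects if matches(node, attrs)]

# Constructed sample accounts (attribute names stored in lowercase).
ACCOUNTS = [
    ("uid=alice,ou=accounts", {"uid": ["alice"], "eraccountstatus": ["0"]}),
    ("uid=bob,ou=accounts", {"uid": ["bob"], "eraccountstatus": ["1"]}),
    ("uid=svc-backup,ou=accounts", {"uid": ["svc-backup"], "eraccountstatus": ["1"]}),
]
```

Calling triggered(ACCOUNTS) returns all three accounts, while triggered(ACCOUNTS, "(erAccountStatus=1)") returns only the two suspended ones.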