The following table lists the query items in the Provisioning
Policy Config namespace.
Note: The policies that are in the Draft mode
cannot be identified. Although the draft policies are in the list,
there is no attribute that can identify the draft policies.
Table 1. Query items in the Provisioning Policy
Config namespace
| Query subject |
Query items and their description |
| Provisioning Policy |
- Provisioning Policy Name
- The name of a provisioning policy.
- Provisioning Policy Business Unit
- The name of a business unit to which the provisioning policy applies.
- Provisioning Policy Is Enabled
- Represents whether the provisioning policy is enabled or not.
The valid values are
Enabled and Disabled.
- Provisioning Policy Priority
- An integer number greater than zero that indicates the priority
of the provisioning policy.
- Provisioning Policy Scope
- The scope in terms of a hierarchy of the business units to which
the provisioning policy applies. The valid values are
Single and Subtree.
- Provisioning Policy Member Name
- The name of a role or user who is a member of the provisioning
policy. The valid values are
All users in the organization, All
other users who are not granted to the entitlement(s) defined by this
provisioning policy via other policies, or the names of the
roles who are the members.
- Provisioning Policy Dn
- An LDAP distinguished name for the provisioning policy.
- Provisioning Policy Business Unit Dn
- An LDAP distinguished name for the business unit to which the
provisioning policy applies.
- Provisioning Policy Service Name
- The name of a service to which the provisioning policy applies.
- Provisioning Policy Service Type
- The profile type of a service to which the provisioning policy
applies.
- Provisioning Policy Service Url
- A URL of a service to which the provisioning policy applies.
- Provisioning Policy Service Business Unit
- The business unit of a service to which the provisioning policy
applies.
|
| Provisioning Policy Parameters |
- Provisioning Policy Parameter
- A provisioning policy parameter that is defined by the system
administrator.
- Provisioning Policy Parameter Value
- The parameter value.
- Provisioning Policy Parameter Enforcement Type
- Specifies the rule for the system to evaluate an attribute value
validity. The possible values are
Mandatory, Allowed, Default,
and Excluded.
- Service Target
- An LDAP distinguished name for the service that is associated
with the provisioning policy.
|
| Provisioning Policy Role Members |
- Role Member First Name
- The given name of a role member.
- Role Member Last Name
- The surname of a role member.
- Role Member Status
- The current state of the role member. The valid values are
Active and Inactive.
- Role Member Dn
- An LDAP distinguished name for a role member.
- Role Member Business Unit Dn
- An LDAP distinguished name for the business unit of a role member.
- Role Member Supervisor
- The user supervisor of the role member.
|
| ACI Attribute Permissions |
- ACI Attribute Name
- The name of an attribute that is controlled by an ACI.
- ACI Attribute Operation
- The name of an operation that is governed by an ACI.
- ACI Attribute Permission
- The permission that applies on an ACI operation. The valid values
are
grant, deny, and none.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit.
|
| ACI Operations |
- ACI Operation Name
- The class operation for an ACI. For example,
Search, Add,
and Modify.
- ACI Operation Permission
- The permission that is associated with a class operation. The
valid values are
grant, deny, and none.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit to which an ACI
applies.
|
| Provisioning Policy ACI |
- ACI Name
- The name of an ACI associated with the provisioning policy.
- ACI Business Unit
- The name of a business unit to which an ACI applies.
- ACI Scope
- The hierarchy of the business units to which an ACI applies.
- ACI Member Name
- The members who are governed by an ACI. The valid values are:
All Users - All users in the system.All Group Members - The users who are the members
of these groups.Supervisor - The supervisor of the business unit
in which the provisioning policy resides.Sponsor - The sponsor of the business partner
organization in which the role resides.Administrator - The administrator of the domain
in which the account resides.
- ACI System Group Name
- The name for IBM Verify Identity Governance group that is the part of an ACI. This query item
is valid only when ACI member name is the name of the user members
of a specified group.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit to which an
ACI applies.
- ACI Role Dn
- An LDAP distinguished name for IBM Verify Identity Governance group that is a part of an ACI.
- ACI Role Business Unit Dn
- An LDAP distinguished name for a business unit that is associated
with IBM Verify Identity Governance
group.
- ACI Parent
- An LDAP distinguished name for the parent container in which an
ACI is defined.
|