The following table lists the query items in the Provisioning
Policy Config namespace.
Note: The policies that are in the Draft mode
cannot be identified. Although the draft policies are in the list,
there is no attribute that can identify the draft policies.
Table 1. Query items in the Provisioning
Policy
Config namespace
| Query subject |
Query
items and their description |
| Provisioning Policy |
- Provisioning Policy Name
- The
name of a provisioning policy.
- Provisioning
Policy Business Unit
- The name of a business unit to which
the provisioning policy applies.
- Provisioning
Policy Is Enabled
- Represents whether the provisioning policy
is enabled or not.
The valid values are
Enabled and Disabled.
- Provisioning Policy Priority
- An integer number greater than zero that indicates the priority
of the provisioning policy.
- Provisioning
Policy Scope
- The scope in terms of a hierarchy of the business
units to which
the provisioning policy applies. The valid values are
Single and Subtree.
- Provisioning
Policy Member Name
- The name of a role or user who is a member
of the provisioning
policy. The valid values are
All users in the organization, All
other users who are not granted to the entitlement(s) defined by this
provisioning policy via other policies, or the names of the
roles who are the members.
- Provisioning
Policy Dn
- An LDAP distinguished name for the provisioning
policy.
- Provisioning Policy Business Unit
Dn
- An LDAP distinguished name for the business unit to which
the
provisioning policy applies.
- Provisioning
Policy Service Name
- The name of a service to which the provisioning
policy applies.
- Provisioning Policy Service
Type
- The profile type of a service to which the provisioning
policy
applies.
- Provisioning Policy Service Url
- A URL of a service to which the provisioning policy applies.
- Provisioning Policy Service Business Unit
- The business unit of a service to which the provisioning policy
applies.
|
| Provisioning Policy Parameters |
- Provisioning Policy Parameter
- A provisioning policy parameter that is defined by the system
administrator.
- Provisioning Policy Parameter
Value
- The parameter value.
- Provisioning
Policy Parameter Enforcement Type
- Specifies the rule for the
system to evaluate an attribute value
validity. The possible values are
Mandatory, Allowed, Default,
and Excluded.
- Service
Target
- An LDAP distinguished name for the service that is
associated
with the provisioning policy.
|
| Provisioning Policy Role Members |
- Role Member First
Name
- The given name of a role member.
- Role Member Last Name
- The surname of a role member.
- Role Member Status
- The current state
of the role member. The valid values are
Active and Inactive.
- Role Member Dn
- An LDAP distinguished name for a role member.
- Role Member Business Unit Dn
- An LDAP distinguished name
for the business unit of a role member.
- Role Member Supervisor
- The user supervisor of the role member.
|
| ACI Attribute Permissions |
- ACI Attribute Name
- The name of an attribute
that is controlled by an ACI.
- ACI Attribute
Operation
- The name of an operation that is governed by an
ACI.
- ACI Attribute Permission
- The
permission that applies on an ACI operation. The valid values
are
grant, deny, and none.
- ACI Business Unit Dn
- An LDAP
distinguished name for the business unit.
|
| ACI Operations |
- ACI Operation Name
- The class operation for an ACI. For example,
Search, Add,
and Modify.
- ACI Operation
Permission
- The permission that is associated with a class
operation. The
valid values are
grant, deny, and none.
- ACI Business Unit Dn
- An LDAP distinguished name for the business unit to which an ACI
applies.
|
| Provisioning Policy ACI |
- ACI Name
- The name of an ACI
associated with the provisioning policy.
- ACI Business Unit
- The name of a business unit to which an
ACI applies.
- ACI Scope
- The hierarchy
of the business units to which an ACI applies.
- ACI Member Name
- The members who are governed by an ACI.
The valid values are:
All Users - All users
in the system.All Group Members - The users
who are the members
of these groups.Supervisor - The supervisor
of the business unit
in which the provisioning policy resides.Sponsor - The sponsor of the business partner
organization in which the role resides.Administrator - The administrator of the domain
in which the account resides.
- ACI System Group Name
- The name for IBM Security Identity
Manager group that is the part
of an ACI. This query item is valid only when ACI member name is the
name of the user members of a specified group.
- ACI Business Unit Dn
- An LDAP distinguished name for the
business unit to which an
ACI applies.
- ACI Role Dn
- An LDAP
distinguished name for IBM Security Identity Manager group
that is a part of an ACI.
- ACI Role Business
Unit Dn
- An LDAP distinguished name for a business unit that
is associated
with IBM Security Identity Manager group.
- ACI Parent
- An LDAP distinguished name for the parent container
in which an
ACI is defined.
|