Join logic examples
This topic provides examples that show how to use provisioning policy join directives.
This section provides more examples of join logic.
Scenario 1
Multiple applicable entitlements might be joined. The parameter value is only allowed to take on the value that is specified by the second policy under these conditions:
- No parameter values are selected for an attribute in one policy, that is, all values are allowed.
- One allowed parameter value is entered for an attribute in another policy, that is, only the specified value is allowed.
Scenario 2
This example illustrates a priority-based provisioning policy join directive for a single-valued attribute. The following table identifies two provisioning policies for this scenario:
Policy | Description |
---|---|
Policy 1 |
Priority = 1
Attribute: erdivision = divisionA, enforcement = DEFAULT |
Policy 2 |
Priority = 2
Attribute: erdivision = divisionB, enforcement = MANDATORY |
Because Policy 1 has a higher priority, only Policy
1's definition for the erdivision
attribute is used.
Policy 2's value for the erdivision
attribute is
ignored. All other values besides divisionA are disallowed.
Scenario 3
This example illustrates a union-based provisioning policy join directive for a multivalued attribute. The following table identifies two provisioning policies for this scenario:
Policy | Description |
---|---|
Policy 1 |
Priority = 1
Attribute: localgroup = groupA, enforcement = DEFAULT |
Policy 2 |
Priority = 2
Attribute: localgroup = groupB, enforcement = MANDATORY |
- During account creation,
localgroup
attribute is defined with both values groupA and groupB. - During reconciliations,
localgroup
is defined as groupB if the attribute is undefined or incorrectly defined.