Policy join directives configuration
Provisioning policy join directives determine the provisioning parameter values that govern when multiple provisioning policies affect the same account. A join directive defines how to process an attribute when a conflict occurs between provisioning policies. Join directives applicable only to the selected attribute are displayed.
The entitlement target type also plays a role in how policy join directives resolve which entitlement is granted when conflicts arise between policies. When two or more policies grant similar entitlements, the more specific entitlement takes precedence. For example, one provisioning policy might include an entitlement defined to grant access to a type of service (that is, AIX® named AIX105). The second policy might include an entitlement defined to grant access to a specific instance of that service (that is, AIX). In this case, the more specific entitlement takes precedence.
Join Directive | Description |
---|---|
Union |
Combines the attribute values and removes the redundancies.
This join directive is the default parameter for multivalued attributes if no other join directive is specified. |
Intersection |
Only parameter values common to all policies. |
Append |
Appends the textual attribute value defined in
one policy to the attribute value defined in another policy. The
APPEND join type was designed for single-valued text attributes such
as When you
join provisioning parameters by using the APPEND join type, all individual
values are concatenated into a single string value. Concatenation
provides with a user-defined delimiter between values. The delimiter
can be defined (changed) in enrolepolicies.properties file, where
the current line reads:
|
And |
Specifies the mathematical AND used on a boolean string that represents a boolean value. TRUE & TRUE = TRUE TRUE & FALSE = FALSE FALSE & FALSE = FALSE |
Or |
Specifies the mathematical OR used on a boolean string that represents a boolean value. TRUE || TRUE = TRUE TRUE || FALSE = TRUE FALSE || FALSE = FALSE |
Highest |
Uses only the highest numeric attribute value from the conflicting policies. |
Lowest |
Uses only the lowest numeric attribute value from the conflicting policies. |
Average |
Averages the numeric attribute values from the conflicting policies and uses the average value. |
Bitwise_Or |
Specifies the mathematical Bitwise OR used on an attribute value that represents a bitstring. |
Bitwise_And |
Specifies the mathematical Bitwise AND used on an attribute value that represents a bitstring. |
Precedence_Sequence |
Uses a user-defined ordering precedence to determine which attribute value to use. |
Priority |
Uses the priority of the policy to determine which attribute value to use. If the conflicting policies have the same priority, then the order in which these conflicting policies are evaluated is random. The evaluation is based on which policy the system retrieves first. For example, two policies have the same priority and define the same attribute with different values. If the attribute uses the ‘Priority' join directive type, the attribute value returned by the policy varies based on the system retrieval. |
Service attribute type | Applicable join directive | Default join directive |
---|---|---|
Multivalued string or number attribute | UNION, INTERSECTION.PRIORITY, CUSTOM | UNION |
Single-valued string | PRECEDENCE_SEQUENCE, PRIORITY, AND, OR, APPEND, BITWISE_AND, BITWISE_OR, HIGHEST, LOWEST, AVERAGE, CUSTOM | PRIORITY |
Single-valued boolean string | AND, OR, PRIORITY, CUSTOM | OR |
Single-valued integer | HIGHEST, LOWEST, AVERAGE, PRIORITY, PRECEDENCE_SEQUENCE, CUSTOM | HIGHEST |
Singled-valued bitstring | BITWISE_AND, BITWISE_OR, PRIORITY, CUSTOM | BITWISE_OR |