Provisioning policy parameter enforcement rules
The parameter enforcement types specify the rule that the system uses to evaluate the validity of an account attribute value. An account that contains an invalid value is considered a noncompliant account. The role of the policy enforcement settings (Mark, Suspend, Correct, and Alert) is to specify the action that the system takes when the account becomes noncompliant. A Correct policy enforcement setting causes the system to take corrective action for the noncompliant account. Corrective actions include adding mandatory values to the account and removing invalid values from the account.
Use the following key to determine the enforcement type:
M: Mandatory
A: Allowed
D: Default
E: Excluded

A mandatory value is added if it is missing from an account. Default values are set only during account creation. Afterward, they are valid values that can be present or set on the attribute. Excluded attribute values are removed only if they are not granted in another policy.

Some adapters, such as the Oracle eBS adapter, support complex group attribute requests. Support for these requests requires the installation of a service profile-specific handler. For more information about handlers, see your specific adapter guide. For accesses that are related to such complex group values, the default subattribute values are typically obtained from the handler plug-in. However, if the provisioning policy for the service has a mandatory enforcement on the group attribute, that value is used instead.
Allowed actions

| M | A | D | E | Account creation | Account validation (reconciliation) |
|---|---|---|---|---|---|
|   |   |   |   | No action. | All valid values. |
| X |   |   |   | Mandatory attributes are set. | Mandatory attributes are set to the defined value, and all other values are not valid. |
|   | X |   |   | No action. | All defined attributes are valid, and all others are not valid. |
|   |   | X |   | Default attributes are set. | Default attributes defined are defaulted on account creation, and all other values are also valid. |
|   |   |   | X | No action. | Excluded attribute values are removed (all other values can be present or set on the attribute). The valid values are equal to {M + A + D + not(E)}. If a value is not contained in the set of valid values, it is removed. Excluded adds values by negation to the allowed set. It does not remove values from the allowed set. |
| X | X |   |   | Mandatory attributes are set. | Mandatory attributes are set to the defined value. Valid values can be present or set on the attribute. |
| X | X | X |   | Mandatory and default attributes are set. | Mandatory attributes are set to the defined value. Optional and default values can be present or set on the attribute. |
| X | X | X | X | Mandatory and default attributes are set. | Mandatory attributes are set to the defined value. Excluded attribute values are removed. Optional and default values can be present or set on the attribute. |
| X |   | X |   | Mandatory and default attributes are set. | Mandatory attributes are set to a defined value. Default values can be present or set on the attribute. |
| X |   | X | X | Mandatory and default attributes are set. | Mandatory attributes are set to a defined value. Default values can be present or set on the attribute. Excluded attribute values are removed. |
| X |   |   | X | Mandatory attributes are set. | Mandatory attributes are set to defined values. Excluded attribute values are removed (all other values can be present or set on the attribute). |
| X | X |   | X | Mandatory attributes are set. | Mandatory attributes are set to defined values. Optional attributes are valid, and must be one of the defined values if a value is set. Excluded attribute values are removed (all other values can be present or set on the attribute). |
|   | X | X |   | Default attributes are set. | Optional attributes are valid and must be one of the defined values if a value is set. Default attributes are valid. |
|   | X | X | X | Default attributes are set. | Optional attributes are valid, and must be one of the defined values if a value is set. Default attributes are valid. Excluded attribute values are removed (all other values can be present or set on the attribute). |
|   | X |   | X | No action. | Optional attributes are valid, and must be one of the defined values if a value is set. Excluded attribute values are removed (all other values can be present or set on the attribute). |
|   |   | X | X | Default attributes are set. | Default attributes are valid. Excluded attribute values are removed (all other values can be present or set on the attribute). |
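The following Python example is added here and is not product code. It applies the rules in the table to a single multi-valued attribute, reading the valid set {M + A + D + not(E)} as unrestricted when no mandatory or allowed entry is defined. The function names, the (value, type) entry format, and the sample group names are assumptions.

```python
# Added example: a simplified model of the enforcement rules in the table
# for one multi-valued attribute. Names and data format are assumptions.

def evaluate(entries, values, creating=False):
    """Apply Correct-style enforcement to one attribute.

    entries  -- (value, type) pairs merged from all applicable policies,
                type being 'M', 'A', 'D' or 'E'
    values   -- values currently on the account
    creating -- True for account creation, False for reconciliation
    Returns (corrected, added, removed) as sorted lists.
    """
    by_type = {t: set() for t in "MADE"}
    for value, etype in entries:
        if etype not in by_type:
            raise ValueError(f"unknown enforcement type: {etype!r}")
        by_type[etype].add(value)
    granted = by_type["M"] | by_type["A"] | by_type["D"]

    def is_valid(value):
        if value in granted:
            return True  # Excluded never removes a value granted elsewhere
        if by_type["E"]:
            return value not in by_type["E"]  # the not(E) part of the set
        # Without Excluded entries, Mandatory or Allowed entries restrict
        # the attribute to granted values; Default entries alone do not.
        return not (by_type["M"] or by_type["A"])

    current = set(values)
    removed = {v for v in current if not is_valid(v)}
    # Mandatory values are always set; defaults only at account creation.
    to_set = by_type["M"] | (by_type["D"] if creating else set())
    added = to_set - current
    return sorted((current - removed) | added), sorted(added), sorted(removed)


def is_compliant(entries, values):
    """An account is noncompliant if correction would change anything."""
    _, added, removed = evaluate(entries, values)
    return not added and not removed


# Constructed sample policy and account values.
POLICY = [("staff", "M"), ("vpn", "A"), ("mail", "D"), ("admin", "E")]
if __name__ == "__main__":
    print(evaluate(POLICY, ["vpn", "admin", "wiki"]))
    print(evaluate(POLICY, [], creating=True))
```

Running the same policy with `creating=False` against an existing account shows that the default value is not re-added during reconciliation, while the mandatory value is.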