Lifecycle rules management
Lifecycle rules can be used to automate the large number of manual tasks that administrators must perform because of common recurring events. Such events, which are driven by business policies, can be account inactivity, password expiration, or contract expiration. Lifecycle rules can also eliminate the potential of some policies to go unenforced. Establishing lifecycle rules enables administrators to define events that are triggered based on a time interval, or based on time and matching criteria evaluated against an entity. The administrator can then associate lifecycle operations to run as a result of that event. All lifecycle rules consist of two parts:
- The definition of an event that triggers the rule
- The identification of the lifecycle operation that runs the actions specified in the rule
Each rule can be defined in one of these ways:
- Global
- Associated with an entity type
- Associated with an entity
For global rules, an event is defined by a time interval, for example, once a month, or every Monday at 8:00 a.m. Global lifecycle rules are independent of any particular system entity. The lifecycle operations that can be invoked by a global rule must also be global in nature because there is no context available to call an entity-based or entity type-based operation.
Entity and entity type rules also have an event with a time interval. However, the goal of these rules is to affect multiple entities at one time.
Matching criteria for events
A separate event is triggered for each lifecycle object. To prevent events from occurring for possibly thousands of objects that might not be related to the rule, matching criteria are available for these events.
Without the matching criteria, every object of the specific entity or entity type has the associated lifecycle operation performed on it.
With the criteria, only objects that meet the criteria have the operations performed on them. The criteria are defined with LDAP filter syntax. The filter identifies any objects that meet the criteria and causes the event to be triggered for only those objects. If no object matches the filter, the event is not triggered. For example, the criteria might be for any accounts where (erAccountStatus=1), which means the accounts are suspended.
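One way to preview which objects a matching criteria would select before a lifecycle operation is attached to the rule, as an added example that is not product code: it evaluates a subset of LDAP filter syntax (equality, presence, &, |, !) over constructed account entries. Only erAccountStatus comes from the text above; the other attribute names, the sample accounts and the function names are assumptions.

```python
# select() returns the IDs an event would fire for; no criteria means every object.
def parse(f, i=0):
    if f[i] != "(":
        raise ValueError(f"expected '(' at position {i}")
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError("malformed composite filter")
        return (op, kids), i + 1
    end = f.index(")", i)                      # ValueError if never closed
    attr, sep, value = f[i:end].partition("=")
    if not sep or not attr:
        raise ValueError("expected attr=value")
    return ("=", attr.lower(), value), end + 1

def compile_filter(text):
    try:
        node, end = parse(text.strip())
    except IndexError:
        raise ValueError("unbalanced parentheses") from None
    if end != len(text.strip()):
        raise ValueError("trailing characters after filter")
    return node

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    # Assumption: case-insensitive comparison; real matching rules vary by attribute.
    values = [v.lower() for v in entry.get(attr, [])]
    return bool(values) if value == "*" else value.lower() in values

def select(entries, criteria=None):
    node = compile_filter(criteria) if criteria else None
    normalized = [{k.lower(): v for k, v in e.items()} for e in entries]
    return [e["eruid"][0] for e in normalized if node is None or matches(node, e)]

# Constructed sample accounts; erUid and description are assumed attribute names.
ACCOUNTS = [{"erUid": ["asmith"], "erAccountStatus": ["0"]},
            {"erUid": ["bjones"], "erAccountStatus": ["1"]},
            {"erUid": ["svc-backup"], "erAccountStatus": ["1"], "description": ["service"]},
            {"erUid": ["cwu"], "erAccountStatus": ["0"]}]
```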
See
- Lifecycle rule filters and schedules
- Lifecycle rule processing
- Lifecycle rule modification
- Lifecycle event schema information
- Add lifecycle rules for entities
- Change lifecycle rules for entities
- Deleting lifecycle rules for entities
- Running lifecycle rules for entities
- LDAP filter expressions