erSeparationOfDutyRule

erSeparationOfDutyRule

The erSeparationOfDutyRule¹ class stores separation of duty policy rule-specific attributes. The parent class is top.
Attribute name Description Enter

cn Name of the separation of duty policy rule (required). directory string

erCardinality Number of roles allowed.

erRoles Multivalue attribute pointing to the DNs of the roles that are involved in this separation of duty policy rule. This attribute is the expanded hierarchy of roles that relate to the erAffectedRoles attribute of this entry. distinguished name

erAffectedRoles Multivalue attribute pointing to the DNs of the roles that are explicitly defined in this separation of duty policy rule. distinguished name

erURI³ The universal resource identifier. directory string

¹ Indicates the class was added in release 5.1.
³ Indicates the attribute is added in ISIM 6.0.
Parent topic: Policy classes

Attribute name	Description	Enter
cn	Name of the separation of duty policy rule (required).	directory string
erCardinality	Number of roles allowed.
erRoles	Multivalue attribute pointing to the DNs of the roles that are involved in this separation of duty policy rule. This attribute is the expanded hierarchy of roles that relate to the erAffectedRoles attribute of this entry.	distinguished name
erAffectedRoles	Multivalue attribute pointing to the DNs of the roles that are explicitly defined in this separation of duty policy rule.	distinguished name
erURI³	The universal resource identifier.	directory string