Query items for Provisioning Policy Config namespace

Query items for Provisioning Policy Config namespace

The following table lists the query items in the Provisioning Policy Config namespace. The policies that are in the Draft mode cannot be identified. Although the draft policies are in the list, there is no attribute that can identify the draft policies.

Query subject Query items and their description

Provisioning Policy
Provisioning Policy Name

The name of a provisioning policy.

Provisioning Policy Business Unit

The name of a business unit to which the provisioning policy applies.

Provisioning Policy Is Enabled

Represents whether the provisioning policy is enabled or not. The valid values are Enabled and Disabled.

Provisioning Policy Priority

An integer number greater than zero that indicates the priority of the provisioning policy.

Provisioning Policy Scope

The scope in terms of a hierarchy of the business units to which the provisioning policy applies. The valid values are Single and Subtree.

Provisioning Policy Member Name

The name of a role or user who is a member of the provisioning policy. The valid values are All users in the organization, All other users who are not granted to the entitlement(s) defined by this provisioning policy via other policies, or the names of the roles who are the members.

Provisioning Policy Dn

An LDAP distinguished name for the provisioning policy.

Provisioning Policy Business Unit Dn

An LDAP distinguished name for the business unit to which the provisioning policy applies.

Provisioning Policy Service Name

The name of a service to which the provisioning policy applies.

Provisioning Policy Service Type

The profile type of a service to which the provisioning policy applies.

Provisioning Policy Service Url

A URL of a service to which the provisioning policy applies.

Provisioning Policy Service Business Unit

The business unit of a service to which the provisioning policy applies.

Provisioning Policy Parameters
Provisioning Policy Parameter

A provisioning policy parameter defined by the system administrator.

Provisioning Policy Parameter Value

The parameter value.

Provisioning Policy Parameter Enforcement Type

Specifies the rule for the system to evaluate an attribute value validity. The possible values are Mandatory, Allowed, Default, and Excluded.

Service Target

An LDAP distinguished name for the service that is associated with the provisioning policy.

Provisioning Policy Role Members
Role Member First Name

The given name of a role member.

Role Member Last Name

The surname of a role member.

Role Member Status

The current state of the role member. The valid values are Active and Inactive.

Role Member Dn

An LDAP distinguished name for a role member.

Role Member Business Unit Dn

An LDAP distinguished name for the business unit of a role member.

Role Member Supervisor

The user supervisor of the role member.

ACI Attribute Permissions
ACI Attribute Name

The name of an attribute that is controlled by an ACI.

ACI Attribute Operation

The name of an operation that is governed by an ACI.

ACI Attribute Permission

The permission that applies on an ACI operation. The valid values are grant, deny, and none.

ACI Business Unit Dn

An LDAP distinguished name for the business unit.

ACI Operations
ACI Operation Name

The class operation for an ACI. For example, Search, Add, and Modify.

ACI Operation Permission

The permission associated with a class operation. The valid values are grant, deny, and none.

ACI Business Unit Dn

An LDAP distinguished name for the business unit to which an ACI applies.

Provisioning Policy ACI
ACI Name

The name of an ACI associated with the provisioning policy.

ACI Business Unit

The name of a business unit to which an ACI applies.

ACI Scope

The hierarchy of the business units to which an ACI applies.

ACI Member Name

The members who are governed by an ACI. The valid values are:
All Users - All users in the system.
All Group Members - The users who are the members of these groups.
Supervisor - The supervisor of the business unit in which the provisioning policy resides.
Sponsor - The sponsor of the business partner organization in which the role resides.
Administrator - The administrator of the domain in which the account resides.

ACI System Group Name

The name for IBM Security Identity Manager group that is the part of an ACI. This query item is valid only when ACI member name is the name of the user members of a specified group.

ACI Business Unit Dn

An LDAP distinguished name for the business unit to which an ACI applies.

ACI Role Dn

An LDAP distinguished name for IBM Security Identity Manager group that is a part of an ACI.

ACI Role Business Unit Dn

An LDAP distinguished name for a business unit that is associated with IBM Security Identity Manager group.

ACI Parent

An LDAP distinguished name for the parent container in which an ACI is defined.

Parent topic: Provisioning Policy Config namespace

Query subject	Query items and their description
Provisioning Policy	Provisioning Policy Name The name of a provisioning policy. Provisioning Policy Business Unit The name of a business unit to which the provisioning policy applies. Provisioning Policy Is Enabled Represents whether the provisioning policy is enabled or not. The valid values are Enabled and Disabled. Provisioning Policy Priority An integer number greater than zero that indicates the priority of the provisioning policy. Provisioning Policy Scope The scope in terms of a hierarchy of the business units to which the provisioning policy applies. The valid values are Single and Subtree. Provisioning Policy Member Name The name of a role or user who is a member of the provisioning policy. The valid values are All users in the organization, All other users who are not granted to the entitlement(s) defined by this provisioning policy via other policies, or the names of the roles who are the members. Provisioning Policy Dn An LDAP distinguished name for the provisioning policy. Provisioning Policy Business Unit Dn An LDAP distinguished name for the business unit to which the provisioning policy applies. Provisioning Policy Service Name The name of a service to which the provisioning policy applies. Provisioning Policy Service Type The profile type of a service to which the provisioning policy applies. Provisioning Policy Service Url A URL of a service to which the provisioning policy applies. Provisioning Policy Service Business Unit The business unit of a service to which the provisioning policy applies.
Provisioning Policy Parameters	Provisioning Policy Parameter A provisioning policy parameter defined by the system administrator. Provisioning Policy Parameter Value The parameter value. Provisioning Policy Parameter Enforcement Type Specifies the rule for the system to evaluate an attribute value validity. The possible values are Mandatory, Allowed, Default, and Excluded. Service Target An LDAP distinguished name for the service that is associated with the provisioning policy.
Provisioning Policy Role Members	Role Member First Name The given name of a role member. Role Member Last Name The surname of a role member. Role Member Status The current state of the role member. The valid values are Active and Inactive. Role Member Dn An LDAP distinguished name for a role member. Role Member Business Unit Dn An LDAP distinguished name for the business unit of a role member. Role Member Supervisor The user supervisor of the role member.
ACI Attribute Permissions	ACI Attribute Name The name of an attribute that is controlled by an ACI. ACI Attribute Operation The name of an operation that is governed by an ACI. ACI Attribute Permission The permission that applies on an ACI operation. The valid values are grant, deny, and none. ACI Business Unit Dn An LDAP distinguished name for the business unit.
ACI Operations	ACI Operation Name The class operation for an ACI. For example, Search, Add, and Modify. ACI Operation Permission The permission associated with a class operation. The valid values are grant, deny, and none. ACI Business Unit Dn An LDAP distinguished name for the business unit to which an ACI applies.
Provisioning Policy ACI	ACI Name The name of an ACI associated with the provisioning policy. ACI Business Unit The name of a business unit to which an ACI applies. ACI Scope The hierarchy of the business units to which an ACI applies. ACI Member Name The members who are governed by an ACI. The valid values are: All Users - All users in the system. All Group Members - The users who are the members of these groups. Supervisor - The supervisor of the business unit in which the provisioning policy resides. Sponsor - The sponsor of the business partner organization in which the role resides. Administrator - The administrator of the domain in which the account resides. ACI System Group Name The name for IBM Security Identity Manager group that is the part of an ACI. This query item is valid only when ACI member name is the name of the user members of a specified group. ACI Business Unit Dn An LDAP distinguished name for the business unit to which an ACI applies. ACI Role Dn An LDAP distinguished name for IBM Security Identity Manager group that is a part of an ACI. ACI Role Business Unit Dn An LDAP distinguished name for a business unit that is associated with IBM Security Identity Manager group. ACI Parent An LDAP distinguished name for the parent container in which an ACI is defined.