Database PIP
When we add or modify a database policy information point (PIP), we configure a connection to a data source. We also determine what information to use from the data source.
Connection properties
- Name
- Identifies the policy information point instance. This name must be unique to the instance. Do not use a predefined Advanced Access Control policy information point issuer name.
The name that we create is the issuer for any attributes the policy information point instance returns.
- Description
- Describes the policy information point. (Optional)
- Type
- Policy information point type, which is Database. (Read only)
- Server Connection
- Specifies the database from which to retrieve the attributes. Select one of the defined databases from the list. If the database we require is not available to select in the list, define it. See Manage server connections.
Attribute properties
- SQL Query
- SQL SELECT statement that queries the database for information. We can use any valid SQL SELECT statement. We cannot add an attribute unless you enter a query statement in this field.
The format of the SELECT statement:
SELECT COLNAME1, COLNAME2, ..., COLNAMEn FROM TABLE WHERE ...
We can also dynamically create the query using attribute values in a query at run time. The attribute that We use must match the name field of that attribute. In the following example, the user name for the request is substituted in the query at run time. The name of the attribute is username:
SELECT COLNAME1, COLNAME2, ..., COLNAMEn FROM TABLE WHERE ACCOUNT_HOLDER = {username}
We can specify only a single select statement when we configure the database policy information point. If we specify multiple SQL statements, an error message is returned. Do not end the statement with a semicolon.
- Attribute
- Attributes that are retrieved from a response and that can be used in a policy or risk score. The database column is mapped to the associated attribute. We can use one or more attributes. We also can add, modify, or delete attributes.
- Database Column
- Specifies the database column that maps to the attribute. Select it from the list of column names or type the name. The column names from the SQL SELECT query are used as the attribute selectors. For example, if we specify the following query:
SELECT ACCOUNT_BALANCE, ACCOUNT_NUMBER FROM ACCOUNTS WHERE ACCOUNT_HOLDER_NAME = 'Joe Smith'
ACCOUNT_BALANCE and ACCOUNT_NUMBER are the column names to select from.
If your SELECT statement specifies a wildcard character, type the column name in this field.
Cache Properties
- Cache size
- Maximum number of entries to keep in the cache
- Cache entry lifetime
- Lifetime of cache entries, in seconds.
Parent topic: Policy information points