From 99cde950c6a68761c098cdbfc85062fda6bb667d Mon Sep 17 00:00:00 2001 From: Radovan Semancik Date: Wed, 6 Dec 2017 13:35:09 +0100 Subject: [PATCH] Schema/localization of policy rules --- .../localization/Midpoint.properties | 94 +++++++++ .../localization/Midpoint_en.properties | 94 +++++++++ .../xml/ns/public/common/common-core-3.xsd | 27 ++- .../xml/ns/public/common/common-policy-3.xsd | 188 +++++++++++++++++- 4 files changed, 397 insertions(+), 6 deletions(-) diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint.properties b/gui/admin-gui/src/main/resources/localization/Midpoint.properties index 2358f010d52..67a12daf54a 100755 --- a/gui/admin-gui/src/main/resources/localization/Midpoint.properties +++ b/gui/admin-gui/src/main/resources/localization/Midpoint.properties @@ -3797,6 +3797,100 @@ PolicyRulesPanel.orderColumn=Order PolicyRule.constraintsLabel=Constraints PolicyRule.situationLabel=Situation PolicyRule.actionLabel=Action +PolicyRuleType.name=Name +PolicyRuleType.name.help=Short name of the policy rule. It is used to identify the rule in user interface, logfiles, etc. +PolicyRuleType.description=Description +PolicyRuleType.description.help=Free-form description of the policy rule (comment). +PolicyRuleType.policyConstraints=Policy constraints +PolicyRuleType.policyConstraints.help=Policy constraints. When the constraints are violated then the policy rule is triggered and the action takes place. +PolicyRuleType.policySituation=Policy situation +PolicyRuleType.policySituation.help=Policy situation that is the result when this policy rule is triggered. If the situation is not explicitly stated then default situation will be selected instead. The situation is determined by the constraint that triggered the rule. +PolicyRuleType.policyActions=Policy actions +PolicyRuleType.policyActions.help=Action(s) that has to be takes as a reaction to this rule being triggered. +PolicyRuleType.evaluationTarget=Evaluation target +PolicyRuleType.evaluationTarget.help=Whether this rule has to be applied on an object or an assignment. Normally this is determined by looking at policy constraints. But this setting can be used to override that. +AbstractPolicyConstraintType.name=Name +AbstractPolicyConstraintType.name.help=Short name of the policy constraint. It is used to identify the constraint in user interface, logfiles, etc. +AbstractPolicyConstraintType.description=Description +AbstractPolicyConstraintType.description.help=Free-form description of the policy constraint (comment). +AbstractPolicyConstraintType.presentation=Presentation +AbstractPolicyConstraintType.presentation.help=How should be triggering of this constraint presented, e.g. in enforcement messages, in approvals, in certification, in notifications, etc. +PolicyConstraintsType.objectState=Object state +PolicyConstraintsType.objectState.help=Constraint on a particular state of the object. +PolicyConstraintsType.assignmentState=Assignment state +PolicyConstraintsType.assignmentState.help=Constraint on a particular state of an assignment. +PolicyConstraintsType.hasAssignment=Has assignment +PolicyConstraintsType.hasAssignment.help=Constraint requiring a particular assignment. +PolicyConstraintsType.hasNoAssignment=Has no assignment +PolicyConstraintsType.hasNoAssignment.help=Constraint forbidding a particular assignment. +PolicyConstraintsType.exclusion=Exclusion +PolicyConstraintsType.exclusion.help=Exclusion constraint. Constraint that forbids this object to be assigned together with other object. +PolicyConstraintsType.minAssignees=Minimum assignees +PolicyConstraintsType.minAssignees.help=Minimum number of assignees constraint. Number of objects (users) that have this role assigned must be higher or equal to prescribed value. +PolicyConstraintsType.maxAssignees=Maximum assignees +PolicyConstraintsType.maxAssignees.help=Maximum number of assignees constraint. Number of objects (users) that have this role assigned must be lower or equal to prescribed value. +PolicyConstraintsType.modification=Modification +PolicyConstraintsType.modification.help=Constraint that triggers when the object is modified. +PolicyConstraintsType.assignment=Assignment +PolicyConstraintsType.assignment=Constraint that triggers when the object is assigned, usassignmed or the assignment is modified. +PolicyConstraintsType.objectTimeValidity=Object time validity +PolicyConstraintsType.objectTimeValidity.help=A constraint that triggers when validity of an object or any of its time-sensitive items (e.g. password) is about to end. +PolicyConstraintsType.assignmentTimeValidity=Assignment time validity +PolicyConstraintsType.assignmentTimeValidity.help=A constraint that triggers when validity of an assignment or any of its time-sensitive items (e.g. password) is about to end. +PolicyConstraintsType.situation=Policy situation +PolicyConstraintsType.situation.help=Occurrence of the policy situation within an object or an assignment. +PolicyConstraintsType.transition=Transition +PolicyConstraintsType.transition.help=Specifies how the inner constraints are to be evaluated with regards to operation start and end state. +PolicyConstraintsType.ref=Reference +PolicyConstraintsType.ref.help=References another policy constraint e.g. by its name. +ExclusionPolicyConstraintType.targetRef=Target +ExclusionPolicyConstraintType.targetRef.help=Target of exclusion. The object defining this "exclusion" and the object defined as target cannot be assigned at the same time. +PolicyActionsType.enforcement=Enforcement +PolicyActionsType.enforcement.help=This action stops the operation and results with the error. +PolicyActionsType.approval=Approval +PolicyActionsType.approval.help=The operation will be suspended and the approval workflow will be started. If the workflow ends with success the operation will proceed. If the workflow ends with an error the operation will also end with an error. +PolicyActionsType.remediation=Remediation +PolicyActionsType.remediation.help=The operation will proceed. A workflow will be started to remediate the result of the operation after the operation is done. +PolicyActionsType.prune=Prune +PolicyActionsType.prune.help=The operation will proceed. Any other assignments that are in conflict with this assignment that triggered the rule will be "pruned": they will be removed. The removal of the conflicting assignments is automatic and silent. It will not be subject to approvals or other policy constraints. +PolicyActionsType.certification=Certification +PolicyActionsType.certification.help=The operation will proceed. The object will be scheduled for a certification campaign after the operation is done. +PolicyActionsType.notification=Notification +PolicyActionsType.notification.help=The operation will proceed. Notifications are sent at the end of the operation. +PolicyActionsType.record=Record +PolicyActionsType.record.help=The operation will proceed. Policy situation will be recorded for given object or assignment. +PolicyActionType.name=Name +PolicyActionType.name.help=Short name of the policy action. It is used to identify the constraint in user interface, logfiles, etc. +PolicyActionType.description=Description +PolicyActionType.description.help=Free-form description of the policy action (comment). +PolicyActionType.condition=Condition +PolicyActionType.condition.help=Condition specifying when should this action be applied. +ApprovalPolicyActionType.compositionStrategy=Composition strategy +ApprovalPolicyActionType.compositionStrategy.help=How should be this approval policy action composed with other ones that might be related to the same item (object or assignment). +ApprovalPolicyActionType.approvalDisplayName=Approval display name +ApprovalPolicyActionType.approvalDisplayName.help=Display name for this approval definition. If not specified, the name is derived from triggered constraints (short messages). +ApprovalPolicyActionType.approverRelation=Approver relation +ApprovalPolicyActionType.approverRelation.help=What relation(s) to use when determining approvers. E.g. "approver", "owner", "securityApprover", and so on. +ApprovalPolicyActionType.approverRef=Approver +ApprovalPolicyActionType.approverRef.help=Direct enumeration of the approvers to be used. +ApprovalPolicyActionType.approverExpression=Approver expression +ApprovalPolicyActionType.approverExpression.help=Expression(s) that yield approvers to be used. If specified, the expression(s) are evaluated and the result is used as a set of approvers (UserType, OrgType, RoleType, or any combination of them). +ApprovalPolicyActionType.approvalSchema=Approval schema +ApprovalPolicyActionType.approvalSchema.help=More complex (multi-stages) approval schema. +CertificationPolicyActionType.definitionRef=Definition +CertificationPolicyActionType.definitionRef.help=Certification definition(s) to be started as part of the action execution. +PolicyConstraintPresentationType.message=Message +PolicyConstraintPresentationType.message.help=Message to be conveyed to the user. +PolicyConstraintPresentationType.shortMessage=Short message +PolicyConstraintPresentationType.shortMessage.help=Very short message describing the situation. Could be used for e.g. notification messages subject, approval process or work item names. +PolicyConstraintPresentationType.longMessage=Long message +PolicyConstraintPresentationType.longMessage.help=Long, documentation-like explanation of the rule. +PolicyConstraintPresentationType.final=Final +PolicyConstraintPresentationType.final.help=If set to true, no embedded triggers will be presented. Use for hiding constraints that are to be considered too technical to be shown to user. +PolicyConstraintPresentationType.hidden=Hidden +PolicyConstraintPresentationType.hidden.help=If set to true, this trigger will be excluded from presentation. +PolicyConstraintPresentationType.displayOrder=Display order +PolicyConstraintPresentationType.displayOrder.help=Ordinal number that determines ordering of displayed messages. AbstractAssignmentDetailsPanel.doneButton=Done ApprovalProcessesPreviewPanel.processRelatedTo=Approval process related to {0} ApprovalProcessesPreviewPanel.process=Approval process diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint_en.properties b/gui/admin-gui/src/main/resources/localization/Midpoint_en.properties index 99df6ab298b..82442543628 100644 --- a/gui/admin-gui/src/main/resources/localization/Midpoint_en.properties +++ b/gui/admin-gui/src/main/resources/localization/Midpoint_en.properties @@ -3749,6 +3749,100 @@ PolicyRulesPanel.orderColumn=Order PolicyRule.constraintsLabel=Constraints PolicyRule.situationLabel=Situation PolicyRule.actionLabel=Action +PolicyRuleType.name=Name +PolicyRuleType.name.help=Short name of the policy rule. It is used to identify the rule in user interface, logfiles, etc. +PolicyRuleType.description=Description +PolicyRuleType.description.help=Free-form description of the policy rule (comment). +PolicyRuleType.policyConstraints=Policy constraints +PolicyRuleType.policyConstraints.help=Policy constraints. When the constraints are violated then the policy rule is triggered and the action takes place. +PolicyRuleType.policySituation=Policy situation +PolicyRuleType.policySituation.help=Policy situation that is the result when this policy rule is triggered. If the situation is not explicitly stated then default situation will be selected instead. The situation is determined by the constraint that triggered the rule. +PolicyRuleType.policyActions=Policy actions +PolicyRuleType.policyActions.help=Action(s) that has to be takes as a reaction to this rule being triggered. +PolicyRuleType.evaluationTarget=Evaluation target +PolicyRuleType.evaluationTarget.help=Whether this rule has to be applied on an object or an assignment. Normally this is determined by looking at policy constraints. But this setting can be used to override that. +AbstractPolicyConstraintType.name=Name +AbstractPolicyConstraintType.name.help=Short name of the policy constraint. It is used to identify the constraint in user interface, logfiles, etc. +AbstractPolicyConstraintType.description=Description +AbstractPolicyConstraintType.description.help=Free-form description of the policy constraint (comment). +AbstractPolicyConstraintType.presentation=Presentation +AbstractPolicyConstraintType.presentation.help=How should be triggering of this constraint presented, e.g. in enforcement messages, in approvals, in certification, in notifications, etc. +PolicyConstraintsType.objectState=Object state +PolicyConstraintsType.objectState.help=Constraint on a particular state of the object. +PolicyConstraintsType.assignmentState=Assignment state +PolicyConstraintsType.assignmentState.help=Constraint on a particular state of an assignment. +PolicyConstraintsType.hasAssignment=Has assignment +PolicyConstraintsType.hasAssignment.help=Constraint requiring a particular assignment. +PolicyConstraintsType.hasNoAssignment=Has no assignment +PolicyConstraintsType.hasNoAssignment.help=Constraint forbidding a particular assignment. +PolicyConstraintsType.exclusion=Exclusion +PolicyConstraintsType.exclusion.help=Exclusion constraint. Constraint that forbids this object to be assigned together with other object. +PolicyConstraintsType.minAssignees=Minimum assignees +PolicyConstraintsType.minAssignees.help=Minimum number of assignees constraint. Number of objects (users) that have this role assigned must be higher or equal to prescribed value. +PolicyConstraintsType.maxAssignees=Maximum assignees +PolicyConstraintsType.maxAssignees.help=Maximum number of assignees constraint. Number of objects (users) that have this role assigned must be lower or equal to prescribed value. +PolicyConstraintsType.modification=Modification +PolicyConstraintsType.modification.help=Constraint that triggers when the object is modified. +PolicyConstraintsType.assignment=Assignment +PolicyConstraintsType.assignment=Constraint that triggers when the object is assigned, usassignmed or the assignment is modified. +PolicyConstraintsType.objectTimeValidity=Object time validity +PolicyConstraintsType.objectTimeValidity.help=A constraint that triggers when validity of an object or any of its time-sensitive items (e.g. password) is about to end. +PolicyConstraintsType.assignmentTimeValidity=Assignment time validity +PolicyConstraintsType.assignmentTimeValidity.help=A constraint that triggers when validity of an assignment or any of its time-sensitive items (e.g. password) is about to end. +PolicyConstraintsType.situation=Policy situation +PolicyConstraintsType.situation.help=Occurrence of the policy situation within an object or an assignment. +PolicyConstraintsType.transition=Transition +PolicyConstraintsType.transition.help=Specifies how the inner constraints are to be evaluated with regards to operation start and end state. +PolicyConstraintsType.ref=Reference +PolicyConstraintsType.ref.help=References another policy constraint e.g. by its name. +ExclusionPolicyConstraintType.targetRef=Target +ExclusionPolicyConstraintType.targetRef.help=Target of exclusion. The object defining this "exclusion" and the object defined as target cannot be assigned at the same time. +PolicyActionsType.enforcement=Enforcement +PolicyActionsType.enforcement.help=This action stops the operation and results with the error. +PolicyActionsType.approval=Approval +PolicyActionsType.approval.help=The operation will be suspended and the approval workflow will be started. If the workflow ends with success the operation will proceed. If the workflow ends with an error the operation will also end with an error. +PolicyActionsType.remediation=Remediation +PolicyActionsType.remediation.help=The operation will proceed. A workflow will be started to remediate the result of the operation after the operation is done. +PolicyActionsType.prune=Prune +PolicyActionsType.prune.help=The operation will proceed. Any other assignments that are in conflict with this assignment that triggered the rule will be "pruned": they will be removed. The removal of the conflicting assignments is automatic and silent. It will not be subject to approvals or other policy constraints. +PolicyActionsType.certification=Certification +PolicyActionsType.certification.help=The operation will proceed. The object will be scheduled for a certification campaign after the operation is done. +PolicyActionsType.notification=Notification +PolicyActionsType.notification.help=The operation will proceed. Notifications are sent at the end of the operation. +PolicyActionsType.record=Record +PolicyActionsType.record.help=The operation will proceed. Policy situation will be recorded for given object or assignment. +PolicyActionType.name=Name +PolicyActionType.name.help=Short name of the policy action. It is used to identify the constraint in user interface, logfiles, etc. +PolicyActionType.description=Description +PolicyActionType.description.help=Free-form description of the policy action (comment). +PolicyActionType.condition=Condition +PolicyActionType.condition.help=Condition specifying when should this action be applied. +ApprovalPolicyActionType.compositionStrategy=Composition strategy +ApprovalPolicyActionType.compositionStrategy.help=How should be this approval policy action composed with other ones that might be related to the same item (object or assignment). +ApprovalPolicyActionType.approvalDisplayName=Approval display name +ApprovalPolicyActionType.approvalDisplayName.help=Display name for this approval definition. If not specified, the name is derived from triggered constraints (short messages). +ApprovalPolicyActionType.approverRelation=Approver relation +ApprovalPolicyActionType.approverRelation.help=What relation(s) to use when determining approvers. E.g. "approver", "owner", "securityApprover", and so on. +ApprovalPolicyActionType.approverRef=Approver +ApprovalPolicyActionType.approverRef.help=Direct enumeration of the approvers to be used. +ApprovalPolicyActionType.approverExpression=Approver expression +ApprovalPolicyActionType.approverExpression.help=Expression(s) that yield approvers to be used. If specified, the expression(s) are evaluated and the result is used as a set of approvers (UserType, OrgType, RoleType, or any combination of them). +ApprovalPolicyActionType.approvalSchema=Approval schema +ApprovalPolicyActionType.approvalSchema.help=More complex (multi-stages) approval schema. +CertificationPolicyActionType.definitionRef=Definition +CertificationPolicyActionType.definitionRef.help=Certification definition(s) to be started as part of the action execution. +PolicyConstraintPresentationType.message=Message +PolicyConstraintPresentationType.message.help=Message to be conveyed to the user. +PolicyConstraintPresentationType.shortMessage=Short message +PolicyConstraintPresentationType.shortMessage.help=Very short message describing the situation. Could be used for e.g. notification messages subject, approval process or work item names. +PolicyConstraintPresentationType.longMessage=Long message +PolicyConstraintPresentationType.longMessage.help=Long, documentation-like explanation of the rule. +PolicyConstraintPresentationType.final=Final +PolicyConstraintPresentationType.final.help=If set to true, no embedded triggers will be presented. Use for hiding constraints that are to be considered too technical to be shown to user. +PolicyConstraintPresentationType.hidden=Hidden +PolicyConstraintPresentationType.hidden.help=If set to true, this trigger will be excluded from presentation. +PolicyConstraintPresentationType.displayOrder=Display order +PolicyConstraintPresentationType.displayOrder.help=Ordinal number that determines ordering of displayed messages. AbstractAssignmentDetailsPanel.doneButton=Done ApprovalProcessesPreviewPanel.processRelatedTo=Approval process related to {0} ApprovalProcessesPreviewPanel.process=Approval process diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd index 8a631d89200..6f18f7fdd60 100755 --- a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd +++ b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd @@ -13809,9 +13809,23 @@ Name of the rule. It is used to record processing of the rule in the logfiles and for similar diagnostic reasons. + + PolicyRuleType.name + PolicyRuleType.name.help + - + + + + Free-form description of the rule (comment). + + + PolicyRuleType.description + PolicyRuleType.description.help + + + @@ -13819,6 +13833,7 @@ PolicyRuleType.policyConstraints + PolicyRuleType.policyConstraints.help @@ -13830,6 +13845,10 @@ default situation will be selected instead. The situation is determined by the constraint that triggered the rule. + + PolicyRuleType.policySituation + PolicyRuleType.policySituation.help + @@ -13838,6 +13857,10 @@ Action(s) that has to be takes as a reaction to this rule being triggered. + + PolicyRuleType.policyActions + PolicyRuleType.policyActions.help + @@ -13848,6 +13871,8 @@ 3.7 + PolicyRuleType.evaluationTarget + PolicyRuleType.evaluationTarget.help diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd index c018fa0a7cf..59e74bcd169 100644 --- a/infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd +++ b/infra/schema/src/main/resources/xml/ns/public/common/common-policy-3.xsd @@ -64,6 +64,8 @@ 3.7 + PolicyConstraintsType.objectState + PolicyConstraintsType.objectState.help @@ -74,6 +76,8 @@ 3.7 + PolicyConstraintsType.assignmentState + PolicyConstraintsType.assignmentState.help @@ -84,6 +88,8 @@ 3.7 + PolicyConstraintsType.hasAssignment + PolicyConstraintsType.hasAssignment.help @@ -94,16 +100,32 @@ 3.7 + PolicyConstraintsType.hasNoAssignment + PolicyConstraintsType.hasNoAssignment.help + + + + + + + Exclusion constraint. Constraint that forbids this object to be assigned together with other object. + + + PolicyConstraintsType.exclusion + PolicyConstraintsType.exclusion.help - Actual number of objects that have this role assigned is lower than prescribed value. (The constraint should be perhaps named minAssigneesViolation.) + + PolicyConstraintsType.minAssignees + PolicyConstraintsType.minAssignees.help + @@ -112,6 +134,10 @@ Actual number of objects that have this role assigned is higher than prescribed value. (The constraint should be perhaps named maxAssigneesViolation.) + + PolicyConstraintsType.maxAssignees + PolicyConstraintsType.maxAssignees.help + @@ -121,6 +147,9 @@ This is the same as minAssignees, but indicates that the constraint should be evaluated against an object when evaluating object constraints. HIGHLY EXPERIMENTAL + + true + @@ -130,22 +159,35 @@ This is the same as minAssignees, but indicates that the constraint should be evaluated against an object when evaluating object constraints. HIGHLY EXPERIMENTAL + + true + + Constraint that triggers when the object is modified. Modification of the object (add, modify, delete). (This constraint should be perhaps named objectModification.) + + PolicyConstraintsType.modification + PolicyConstraintsType.modification.help + + Constraint that triggers when the object is assigned, usassignmed or the assignment is modified. Modification of an assignment, i.e. where this object is a target of assignment that is being modified. (This constraint should be perhaps named assignmentModification.) + + PolicyConstraintsType.assignment + PolicyConstraintsType.assignment.help + @@ -156,6 +198,10 @@ 3.6 + + PolicyConstraintsType.objectTimeValidity + PolicyConstraintsType.objectTimeValidity.help + @@ -167,6 +213,10 @@ 3.6 + + PolicyConstraintsType.assignmentTimeValidity + PolicyConstraintsType.assignmentTimeValidity.help + @@ -175,6 +225,12 @@ Occurrence of the policy situation within an object or an assignment. + + + PolicyConstraintsType.situation + PolicyConstraintsType.situation.help + + @@ -217,6 +273,10 @@ 3.7 + + PolicyConstraintsType.transition + PolicyConstraintsType.transition.help + @@ -230,6 +290,10 @@ 3.7 + + PolicyConstraintsType.ref + PolicyConstraintsType.ref.help + @@ -285,10 +349,21 @@ 3.5 + + AbstractPolicyConstraintType.name + AbstractPolicyConstraintType.name.help + - + + + + AbstractPolicyConstraintType.description + AbstractPolicyConstraintType.description.help + + + @@ -297,6 +372,8 @@ 3.7 + AbstractPolicyConstraintType.presentation + AbstractPolicyConstraintType.presentation.help @@ -329,6 +406,10 @@ Message to be conveyed to the user. + + PolicyConstraintPresentationType.message + PolicyConstraintPresentationType.message.help + @@ -336,6 +417,10 @@ Very short message describing the situation. Could be used for e.g. notification messages subject, approval process or work item names. + + PolicyConstraintPresentationType.shortMessage + PolicyConstraintPresentationType.shortMessage.help + @@ -343,6 +428,10 @@ Long, documentation-like explanation of the rule. + + PolicyConstraintPresentationType.longMessage + PolicyConstraintPresentationType.longMessage.help + @@ -352,6 +441,11 @@ If set to true, no embedded triggers will be presented. Use for hiding constraints that are to be considered too technical to be shown to user. EXPERIMENTAL + + true + PolicyConstraintPresentationType.final + PolicyConstraintPresentationType.final.help + @@ -359,13 +453,23 @@ If set to true, this trigger will be excluded from presentation. EXPERIMENTAL + + true + PolicyConstraintPresentationType.hidden + PolicyConstraintPresentationType.hidden.help + - TODO. EXPERIMENTAL. + Ordinal number that determines ordering of displayed messages. EXPERIMENTAL. + + true + PolicyConstraintPresentationType.displayOrder + PolicyConstraintPresentationType.displayOrder.help + @@ -524,7 +628,9 @@

- tns:AbstractRoleType + tns:AbstractRoleType + ExclusionPolicyConstraintType.targetRef + ExclusionPolicyConstraintType.targetRef.help @@ -1061,6 +1167,10 @@ Enforcement action. This action stops the operation and results with the error. + + PolicyActionsType.enforcement + PolicyActionsType.enforcement.help + @@ -1072,6 +1182,10 @@ More approval actions can be specified. They will be eventually merged into one approval process. + + PolicyActionsType.approval + PolicyActionsType.approval.help + @@ -1084,6 +1198,11 @@ This action starts a workflow. Therefore it is ideal for actions that are not frequent but that require immediate attention. E.g. missing manager for organizational unit. + + true + PolicyActionsType.remediation + PolicyActionsType.remediation.help + @@ -1096,6 +1215,11 @@ This mechanism can be used for example to implement set of roles where only one of the roles can be assigned at a time. + + 3.6 + PolicyActionsType.prune + PolicyActionsType.prune.help + @@ -1107,6 +1231,10 @@ and can occur on large number of objects. The campaign is an efficient method how to handle mass decisions. However it mat not be started immediately. + + PolicyActionsType.certification + PolicyActionsType.certification.help + @@ -1115,6 +1243,10 @@ Notification action. The operation will proceed. Notifications are sent at the end of the operation. More notification actions can be specified. + + PolicyActionsType.notification + PolicyActionsType.notification.help + @@ -1123,6 +1255,10 @@ Record action. The operation will proceed. Policy situation will be recorded for given object or assignment. It can be reported on or certified later on. + + PolicyActionsType.record + PolicyActionsType.record.help + @@ -1148,6 +1284,10 @@ Name for the action. It is used for logging and other diagnostic purposes.

+ + PolicyActionType.name + PolicyActionType.name.help + @@ -1157,6 +1297,10 @@ Free-form description (e.g. comments about the action purpose)

+ + PolicyActionType.description + PolicyActionType.description.help + @@ -1168,6 +1312,8 @@ 3.7 + PolicyActionType.condition + PolicyActionType.condition.help @@ -1229,13 +1375,21 @@ How should be this approval policy action composed with other ones that might be related to the same item (object or assignment)? + + ApprovalPolicyActionType.compositionStrategy + ApprovalPolicyActionType.compositionStrategy.help + - If not specified, the name is derived from triggered constraints (short messages). + Display name for this approval definition. If not specified, the name is derived from triggered constraints (short messages). + + ApprovalPolicyActionType.approvalDisplayName + ApprovalPolicyActionType.approvalDisplayName.help + @@ -1248,6 +1402,10 @@ "securityApprover", and so on.

+ + ApprovalPolicyActionType.approverRelation + ApprovalPolicyActionType.approverRelation.help + @@ -1258,6 +1416,10 @@ May be used with approverRelation and approverExpression element(s).

+ + ApprovalPolicyActionType.approverRef + ApprovalPolicyActionType.approverRef.help + @@ -1269,6 +1431,10 @@ May be used with approverRelation and approverRef element(s).

+ + ApprovalPolicyActionType.approverExpression + ApprovalPolicyActionType.approverExpression.help + @@ -1279,6 +1445,10 @@ More complex (multi-stages) approval schema.

+ + ApprovalPolicyActionType.approvalSchema + ApprovalPolicyActionType.approvalSchema.help + + + true + @@ -1585,6 +1758,8 @@ tns:AccessCertificationDefinitionType 3.6 + CertificationPolicyActionType.definitionRef + CertificationPolicyActionType.definitionRef.help @@ -1633,6 +1808,9 @@ How much information about triggered policy rules should be stored? EXPERIMENTAL + + true +