CLI Policy Methods

Contents
sm1252sp1
Contents
ActiveExpr Method Sets or Retrieves the Active Expression Associated with the Policy
The ActiveExpr method sets or retrieves the active expression associated with the policy.
Syntax
The ActiveExpr method has the following format:
Netegrity::PolicyMgtPolicy->ActiveExpr([activeExpr])
Parameters
The ActiveExpr method accepts the following parameter:
  1. activeExpr
    (string)
    (Optional) Specifies the active expression to set.
Return Value
The ActiveExpr method returns one of the following values:
  • The new or existing active expression
  • undef
    if the call is unsuccessful
AddRule Method Adds a Rule to the Policy
The AddRule method adds a rule to the policy.
Syntax
The AddRule method has the following format:
Netegrity::PolicyMgtPolicy->AddRule(rule)
Parameters
The AddRule method accepts the following parameter:
  1. rule
    (PolicyMgtRule)
    Specifies the rule to add.
Return Value
The AddRule method returns one of the following values:
  • 0 if the call is successful
  • -1 if the call is unsuccessful
AddUser Method Adds a User to the Policy
The AddUser method adds a user to the policy.
Syntax
The AddUser method has the following format:
Netegrity::PolicyMgtPolicy->AddUser(user [, iExcludeUser] [, iRecursiveFlag] [, iANDUserFlag])
Parameters
The AddUser method accepts the following parameters:
  1. user
    (PolicyMgtUser)
    Specifies the user to add.
  2. iExcludeUser
    (int)
    (Optional) Specifies whether to exclude a user:
    • 1 excludes the user
    • 0 includes the user
  3. iRecursiveFlag
    (int)
    (Optional) Specifies the setting for the AllowNested flag:
    • 1 sets the AllowNested flag
    • 0 disables the AllowNested flag
  4. iANDUserFlag
    (int)
    (Optional) Specifies the setting for the AND flag:
    1 set the AND flag
    0 disables the AND flag
Return Value
The AddUser method returns one of the following values:
  • 0 if the call is successful
  • -1 if the call is unsuccessful
AllowNested Method Sets or Retrieves the AllowNested Flag
The AllowNested method sets or retrieves the AllowNested flag.
Syntax
The AllowNested method has the following format:
Netegrity::PolicyMgtPolicy->AllowNested(user[, iRecursiveFlag])
Parameters
The AllowNested method accepts the following parameters:
  1. user
    (PolicyMgtUser)
    Specifies the user for which to set or retrieve the AllowNested flag.
  2. iRecursiveFlag
    (int)
    (Optional) Specifies the value of the
    AllowNested
    flag:
    • 1 for recursive evaluation
    • 0 for non-recursive evaluation
    If this is not passed, the function returns the current value of the
    AllowNested
    flag. The flag applies to all the users added to the policy for a particular user directory.
Return Value
The AllowNested method returns one of the following values:
  • 0 if AllowNested flag is removed successfully.
  • 1 if AllowNested flag is set successfully.
  • -1 if the call is unsuccessful
CreateIPHostConfigName Method Creates an IP Address Configuration
The CreateIPConfigHostName method creates an IP Address configuration based on the host name passed to the method. For the policy to fire, a request must come from the machine with the passed host name.
Syntax
The CreateIPConfigHostName method has the following format:
Netegrity::PolicyMgtPolicy->CreateIPConfigHostName(hostName)
Parameters
The CreateIPConfigHostName method accepts the following parameter:
  1. hostName
    (string)
    Specifies the host name required for the policy to fire.
Return Value
The CreateIPConfigHostName method returns one of the following values:
  • A PolicyMgtIPConfig object
  • undef
    if the call is unsuccessful
CreateIPConfigRange Method Creates an IP Address Configuration
The CreateIPConfigRange method creates an IP Address configuration based on the range of IP addresses passed to the method. For the policy to fire, a request must come from a machine with an IP address that falls within the range.
Syntax
The CreateIPConfigRange method has the following format:
Netegrity::PolicyMgtPolicy->CreateIPConfigRange(ipAddr1, ipAddr2)
Parameters
The CreateIPConfigRange method accepts the following parameters:
  1. ipAddr1
    (string)
    Specifies the beginning IP address in the range of accepted addresses.
  2. ipAddr2
    (string)
    Specifies the ending IP address in the range of accepted addresses.
Return Value
The CreateIPConfigRange method returns one of the following values:
  • A PolicyMgtIPConfig object
  • undef
    if the call is unsuccessful
CreateIPConfigSingleHost Method Creates an IP Address Configuration
The CreateIPConfigSingleHost method creates an IP Address configuration based on the IP address passed to the method. For the policy to fire, a request must come from the machine with the passed IP address.
Syntax
The CreateIPConfigSingleHost method has the following format:
Netegrity::PolicyMgtPolicy->CreateIPConfigSingleHost(ipAddr)
Parameters
The CreateIPConfigSingleHost method accepts the following parameter:
  1. ipAddr
    (string)
    Specifies the IP address required for the policy to fire.
Return Value
The CreateIPConfigSingleHost method returns one of the following values:
  • A PolicyMgtIPConfig object
  • undef
    if the call is unsuccessful
CreateIPConfigSubnetMask Method Creates an IP Address Configuration Based on the IP Address and Subnet Mask
The CreateIPConfigSubnetMask method creates an IP Address configuration based on the IP address and subnet mask passed to the method. For the policy to fire, a request must come from the subnet address derived from the passed IP address and subnet mask.
Syntax
The CreateIPConfigSubnetMask method has the following format:
Netegrity::PolicyMgtPolicy->CreateIPConfigSubnetMask(ipAddr, subnetMask)
Parameters
The CreateIPConfigSubnetMask method accepts the following parameters:
  1. ipAddr
    (string)
    Specifies the IP address used to derive the subnet address.
  2. subnetMask
    (unsigned long)
    Specifies the subnet mask used to derive the subnet address.
Return Value
The CreateIPConfigSubnetMask method returns one of the following values:
  • A PolicyMgtIPConfig object
  • undef
    if the call is unsuccessful
Remarks
The subnet mask value is a number of bits. To arrive at this value, count the bits in the binary value of the address. For example, suppose the subnet mask is 255.255.255.128. The binary format is:
11111111 11111111 11111111 10000000
Counting from left to right, the number to pass in subnetMask would be 25.
DeleteIPConfig Method Deletes the Specified IP Configuration Object
The DeleteIPConfig method deletes the specified IP configuration object.
Syntax
The DeleteIPConfig method has the following format:
Netegrity::PolicyMgtPolicy->DeleteIPConfig(ipConfig)
Parameters
The DeleteIPConfig method accepts the following parameters:
  1. ipConfig
    (PolicyMgtIPConfig)
    Specifies the IP configuration object to delete.
Return Value
The DeleteIPConfig method returns one of the following values:
  • 0 if the deletion is successful
  • -1 if the call is unsuccessful
Description Method Sets or Retrieves the Description of the Policy
The Description method sets or retrieves the description of the policy.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtPolicy->Description([policyDesc])
Parameters
The Description method accepts the following parameter:
  1. policyDesc
    (string)
    Specifies the description to set.
Return Value
The Description method returns one of the following values:
  • The new or existing policy description
  • An empty if the call is unsuccessful
EnforceANDEvaluation Method Sets or Retrieves the ANDUser Group Flag
The EnforceANDEvaluation method sets or retrieves the ANDUser/Group flag depending on the value of the iANDUserFlag.
Syntax
The EnforceANDEvaluation method has the following format:
Netegrity::PolicyMgtPolicy->EnforceANDEvaluation(user[, iANDUserFlag])
Parameters
The EnforceANDEvaluation method accepts the following parameters:
  1. user
    (PolicyMgtUser)
    Specifies the user for which to set or retrieve
    iANDUserFlag
    .
  2. iANDUserFlag
    (int)
    (Optional) Specifies whether to enforce AND evaluation:
    1 to enforce AND evaluation
    0 to remove AND evaluation
    If this argument is not passed, the function returns the current value of
    iANDUserFlag
    . This flag applies to all the users added to the policy for a particular user directory.
Return Value
The EnforceANDEvaluation method returns one of the following values:
  • 0 if ANDUser/Group flag is removed successfully.
  • 1 if ANDUser/Group flag is set successfully.
  • -1 if the call is unsuccessful
ExcludeUser Method Excludes or Includes a User from the Policy
The ExcludeUser method excludes or includes a user from the policy depending on the value of
iExcludeFlag
.
Syntax
The ExcludeUser method has the following format:
Netegrity::PolicyMgtPolicy->ExcludeUser(user[, iExcludeFlag])
Parameters
The ExcludeUser method accepts the following parameters:
  1. user
    (PolicyMgtUser)
    Specifies the user to exclude or include.
  2. iExcludeFlag
    (int)
    (Optional) Specifies whether to exclude the specified user:
    • 1 to exclude the user
    • 0 to include the user
    If this argument is not passed, the function returns the current value of
    iExcludeFlag
    .
Return Value
The ExcludeUser method returns one of the following values:
  • 0 if the user is included successfully.
  • 1 if the user is excluded successfully.
  • -1 if the call is unsuccessful
GetAllIPConfigs Method Retrieves All IP Address Restriction Objects in the Policy
The GetAllIPConfigs method retrieves all IP address restriction objects in the policy.
Syntax
The GetAllIPConfigs method has the following format:
Netegrity::PolicyMgtPolicy->GetAllIPConfigs( )
Parameters
The GetAllIPConfigs method accepts no parameters.
Return Value
The GetAllIPConfigs method returns one of the following values:
  • An array of PolicyMgtIPConfig objects
  • undef
    if no IP address restriction objects are found.
Remarks
See the PolicyMgtIPConfig->GetType method for information about IP address restrictions and IP address restriction types.
GetAllRules Method Retrieves All Rules Associated with the Policy
The GetAllRules method retrieves all rules associated with the policy.
Syntax
The GetAllRules method has the following format:
Netegrity::PolicyMgtPolicy->GetAllRules()
Parameters
The GetAllRules method accepts no parameters.
Return Value
The GetAllRules method returns one of the following values:
  • An array of PolicyMgtRule objects
  • undef
    if no rules are found, or if the call is unsuccessful
GetAllUsers Method Retrieves All Users Associated with the Policy
The GetAllUsers method retrieves all users associated with the policy. If a user directory is specified, only those users associated with that directory are retrieved.
Syntax
The GetAllUsers method has the following format:
Netegrity::PolicyMgtPolicy->GetAllUsers([userDir])
Parameters
The GetAllUsers method accepts the following parameter:
userDir
(PolicyMgtUserDir)
(Optional) Specifies that only users associated with this user directory are retrieved.
Return Value
The GetAllUsers method returns one of the following values:
  • An array of PolicyMgtUser objects
  • undef
    if no users were found, or if the call is unsuccessful
IsEnabled Method Enables or Disables the Policy
The IsEnabled method enables or disables the policy.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtPolicy->IsEnabled([enableFlag])
Parameters
The IsEnabled method accepts the following parameter:
  1. enableFlag
    (int)
    (Optional) Specifies whether to enable or disable the policy:
    • 0 disables the policy.
    • 1 enables the policy.
Return Value
The IsEnabled method returns one of the following values:
  • 1 if the policy is enabled.
  • 0 if the policy is disabled.
  • -1 if the call is unsuccessful
Name Method Sets or Retrieves the Policy Name
The Name method sets or retrieves the policy name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtPolicy->Name([policyName])
Parameters
The Name method accepts the following parameter:
  1. policyName
    (string)
    (Optional) Specifies the name to assign to the policy.
Return Value
The Name method returns one of the following values:
  • A new or existing policy name
  • undef
    if the call is unsuccessful
RemoveResponse Method Removes the Response for a Configured Rule in the Policy
The RemoveResponse method removes the response for a configured rule in the policy.
Syntax
The RemoveResponse method has the following format:
Netegrity::PolicyMgtPolicy->RemoveResponse(rule)
Parameters
The RemoveResponse method accepts the following parameter:
  1. rule
    (PolicyMgtRule)
    Specifies the rule whose response should be removed.
Return Value
The RemoveResponse method returns one of the following values:
  • 0 if the call is successful
  • -1 if the call is unsuccessful
RemoveRule Method Removes the Specified Rule from the Policy
The RemoveRule method Removes the specified rule from the policy.
Syntax
The RemoveRule method has the following format:
Netegrity::PolicyMgtPolicy->RemoveRule(rule)
Parameters
The RemoveRule method accepts the following parameter:
  1. rule
    (PolicyMgtRule)
    Specifies the rule to remove.
Return Value
The RemoveRule method returns one of the following values:
  • 0 if the call is successful
  • -1 if the call is unsuccessful
RemoveUser Method Removes a User from the Policy
The RemoveUser method removes a user from the policy.
Syntax
The RemoveUser method has the following format:
Netegrity::PolicyMgtPolicy->RemoveUser(user)
Parameters
The RemoveUser method accepts the following parameters:
  1. user
    (PolicyMgtUser)
    Specifies the user to remove.
Return Value
The RemoveUser method returns one of the following values:
  • 0 if the call is successful
  • -1 if the call is unsuccessful
SetResponse Method Sets the Response for a Configured Rule in the Policy
The SetResponse method sets the response for a configured rule in the policy.
Syntax
The SetResponse method has the following format:
Netegrity::PolicyMgtPolicy->SetResponse(rule, response)
Parameters
The SetResponse method accepts the following parameters:
  1. rule
    (PolicyMgtRule)
    Specifies the rule whose response is being set.
  2. response
    (PolicyMgtResponse)
    Specifies the response to set.
Return Value
The SetResponse method returns one of the following values:
  • 0 if the call is successful.
  • -1 if the call is unsuccessful.