CLI Rule Methods
Contents
casso10
Contents
AccessType Method Sets or Retrieves the Flag that Allows or Denies Access to the Resource Protected by the Rule
The AccessType method sets or retrieves the flag that allows or denies access to the resource protected by the rule.
Syntax
The AccessType method has the following format:
Netegrity::PolicyMgtRule->AccessType([allowAccess])
Parameters
The AccessType method accepts the following parameter:
- allowAccess(int)(Optional) Specifies whether the rule allows access to the resource:
- 1 if the rule allows access to the resource
- 0 if the rule denies access to the resource
Return Value
The AccessType method returns one of the following values:
- 1 if the rule allows access to the resource
- 0 if the rule denies access to the resource
- -1 if the call is unsuccessful
Action Method Sets or Retrieves the Action for the Rule
The Action method sets or retrieves the action for the rule.
Syntax
The Action method has the following format:
Netegrity::PolicyMgtRule->Action([action])
Parameters
The Action method accepts the following parameter:
- action(string)(Optional) Specifies the action to perform, as follows:
- For action type Web Agent actions, use one or more of the following HTTP actions. Use commas to separate multiple actions:
- GET. Retrieves a resource for viewing through HTTP.
- POST. Posts user-supplied information through HTTP.
- PUT. Supports legacy HTTP actions.
- For action type Authentication events:
- OnAuthAccept. Occurs when a user successfully authenticates.
- OnAuthAttempt. Occurs when a user fails to authenticate because no user name was supplied.
- OnAuthChallenge. May be used in custom authentication schemes to trigger a response.
- OnAuthReject. Occurs when a user fails to authenticate.
- OnAuthUserNotFound. Used to trigger Active Responses.
- For action type Authorization events:
- OnAccessAccept. Occurs whenCA Single Sign-Onsuccessfully authorizes a user to access the resource.
- OnAccessReject. Occurs whenCA Single Sign-Onrejects a user because the user is not authorized to access the resource.
Return Value
The Action method returns one of the following values:
- The new or the existing rule action
- undefif the call is unsuccessful
ActiveExpr Method Sets or Retrieves the Active Expression for the Rule
The ActiveExpr method sets or retrieves the active expression for the rule.
Syntax
The ActiveExpr method has the following format:
Netegrity::PolicyMgtRule->ActiveExpr([expr])
Parameters
The ActiveExpr method accepts the following parameters:
- expr(string)(Optional) Specifies the active expression to execute.
Return Value
The ActiveExpr method returns one of the following values:
- The new or the existing active expression
- undefif the call is unsuccessful
Agent Method Sets or Retrieves an Agent Object or an Agent Group Object Associated with the Global Rule
The Agent method sets or retrieves an agent object or an agent group object associated with the global rule.
Syntax
The Agent method has the following format:
Netegrity::PolicyMgtRule->Agent(agentObject)
Parameters
The Agent method accepts the following parameter:
- agentObject(objectType)Specifies the agent object or agent group object to associate with the rule. objectType can be either PolicyMgtAgent or PolicyMgtGroup.
Return Value
The Agent method returns a new or existing PolicyMgtAgent object or PolicyMgtGroup object.
Remarks
After the rule is created, the agent associated with the rule can be changed only within the same agent type (such as Web Agent).
Note: Rules that have domain scope are associated with agents indirectly, through a realm.
Description Method Sets or Retrieves the Description of the Rule
The Description method sets or retrieves the description of the rule.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtRule->Description([ruleDesc])
Parameters
The Description method accepts the following parameter:
- ruleDesc(string)(Optional) Specifies the description of the rule.
Return Value
The Description method returns one of the following values:
- A new or existing rule description
- An empty string if the call is unsuccessful
IsEnabled Method Enables or Disables the Rule
The IsEnabled method enables or disables the rule.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtRule->IsEnabled([enableFlag])
Parameters
The IsEnabled method accepts the following parameter:
- enableFlag(type)(Optional) Specifies whether to enable the rule:
- 1 enables the rule
- 0 disables the rule
Return Value
The IsEnabled method returns one of the following values:
- 1 if the rule is enabled
- 0 if the rule is disabled
- -1 if the call is unsuccessful
Name Method Sets or Retrieves the Rule Name
The Name method sets or retrieves the rule name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtRule->Name([ruleName])
Parameters
The Name method accepts the following parameter:
- ruleName(string)Specifies the rule name.
Return Value
The Name method returns one of the following values:
- The new or existing rule name
- undefif the call is unsuccessful
RegexMatch Method Determines whether Regular Expression Pattern Matching Is Enabled
The RegexMatch method sets or retrieves the flag that determines whether regular expression pattern matching is enabled for resource-matching operations.
Syntax
The RegexMatch method has the following format:
Netegrity::PolicyMgtRule->RegexMatch([enableFlag])
Parameters
The RegexMatch method accepts the following parameters:
- enableFlag(int)(Optional) Specifies whether to allow regular expression pattern matching:
- 1 allows pattern matching
- 0 disallows pattern matching
Return Value
The RegexMatch method returns one of the following values:
- 1 if regular expression pattern matching is enabled
- 0 if regular expression pattern matching is disabled
- -1 if the call is unsuccessful
Resource Method Sets or Retrieves the Resource Protected by the Rule
The Resource method sets or retrieves the resource protected by the rule.
Syntax
The Resource method has the following format:
Netegrity::PolicyMgtRule->Resource()
Parameters
The Resource method accepts no parameters.
Return Value
The Resource method returns one of the following values:
- The protected resource if the call is successful
- undefif the call is unsuccessful