I have a usage case that I need to resolve. I have an idea that seems
to work but it seem like a kludge I'm hoping I can come up with
something that is a little more simple. I'd like to express this
problem as a generic connected system (even though it's on a JDBC
Driver)

The driver has the following Behaviors for usage cases under some
conditions that I'll outline, along with short explanation if those
results are expected and/or desired.

================================================== ===========
Condition1: User Does not Exist in Vault & User Does not Exist in
Connected System
----------------------
Usage Case 1: Create User In Vault results in no user creation in
connected system
-- This is expected/desired because the user does not have an
entitlement
Usage Case 2: Create User in Connected System: results in immediate
deletion from Connected System
-- This is expected/desired because there is no matching on publisher
is FALSE

================================================== ===========
Condition2: User exists in Vault (with Entitlement) & does NOT exist
in Database
----------------------
Usage Case 1: Grant Entitlement in Vault: results in create in DB+add
association
--This is expected/desired
Usage Case 2: Add User to Database: Results in Association being
created
--This is expected and desired because matching on publisher is TRUE

================================================== ===========
Condition3: User exists in Vault (no Entitlement) & does NOT exist in
Database
----------------------
Usage Case 1: Grant Entitlement in Vault: results in create in DB+add
association
--This is expected/desired
Usage Case 2: Add User to Database: Results in Association being
created
--This is expected but UNDESIRED
================================================== ===========

Assume for a moment that there is a valid reason for condition 3.
What is the best way to go about blocking that matching policy on the
publisher channel.

I was thinking something along the lines of running a query on the
publisher channel that gets all the DirXML-EntitlementRef (I already
have the XPATH that can find and match a granted entitlement from that
query) and failing that test never let the "find matching object" action
run (or force it to search for something that's not there)

Then the existing deletion rules should kick in(or not kick in) and
bring order to the universe again.


--
markgard
------------------------------------------------------------------------
markgard's Profile: http://forums.novell.com/member.php?userid=1534
View this thread: http://forums.novell.com/showthread.php?t=412823