Hi,

In the past I have created a rule that gives users a certain SAP role.
I have done this with a large block of rules that matches a user's OU and
Title and adds the role.

E.g.:
<rule>
  <description>Add Functional sapRoles Holding-Centrum</description>
  <comment xml:space="preserve">sapRoles based on the job title field in eDirectory</comment>
  <conditions>
    <and>
      <if-class-name mode="nocase" op="equal">User</if-class-name>
      <if-src-dn op="not-in-subtree">HaagWonen\DH_Zuidwest</if-src-dn>
      <if-attr mode="nocase" name="Title" op="equal">Medewerker Klantbeheer</if-attr>
    </and>
  </conditions>
  <actions>
    <do-add-dest-attr-value name="sapRoles">
      <arg-value type="string">
        <token-text xml:space="preserve">ZCAAL0XX00</token-text>
      </arg-value>
    </do-add-dest-attr-value>
    <do-add-dest-attr-value name="DirXML-sapLocRoles">
      <arg-value type="string">
        <token-text xml:space="preserve">PRDCLNT001:ZCAAL0XX00</token-text>
      </arg-value>
    </do-add-dest-attr-value>
  </actions>
</rule>
<rule>
  <description>Add Functional sapRoles Holding-Centrum</description>
  <comment xml:space="preserve">sapRoles based on the job title field in eDirectory</comment>
  <conditions>
    <and>
      <if-class-name mode="nocase" op="equal">User</if-class-name>
      <if-src-dn op="not-in-subtree">HaagWonen\DH_Zuidwest</if-src-dn>
      <if-attr mode="nocase" name="Title" op="equal">Klantbeheerder</if-attr>
    </and>
  </conditions>
  <actions>
    <do-add-dest-attr-value name="sapRoles">
      <arg-value type="string">
        <token-text xml:space="preserve">ZCAAL0XX00</token-text>
      </arg-value>
    </do-add-dest-attr-value>
    <do-add-dest-attr-value name="DirXML-sapLocRoles">
      <arg-value type="string">
        <token-text xml:space="preserve">PRDCLNT001:ZCAAL0XX00</token-text>
      </arg-value>
    </do-add-dest-attr-value>
  </actions>
</rule>


Because there are a lot of changes, I would like to replace these rules
with a policy that uses a mapping table so that it is easier to
maintain. I have created a mapping table that contains the columns
Department, Title and sapRoles. I have also created a policy that checks
if a Title description exists in the mapping table; if not, the
operation gets vetoed.

But, what do I have to put in a policy to make it look up the user's
Title, look up the table and add the corresponding sapRole?


--
Kind regards,

Arjan
------------------------------------------------------------------------
aanthonisse's Profile: http://forums.novell.com/member.php?userid=3963
View this thread: http://forums.novell.com/showthread.php?t=383035
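
An added example, not part of the original post: one way to replace the per-title rules above with a single rule that reads the role from the mapping table through the DirXML Script `token-map` token. The table DN `..\SapRoleMap` and the variable name `lvSapRole` are placeholders; the column names Title and sapRoles are the ones named in the post, and the lookup keys on Title only (the Department column is not used here).

```xml
<rule>
  <description>Add sapRoles from mapping table</description>
  <conditions>
    <and>
      <if-class-name mode="nocase" op="equal">User</if-class-name>
      <if-src-dn op="not-in-subtree">HaagWonen\DH_Zuidwest</if-src-dn>
      <if-attr name="Title" op="available"/>
    </and>
  </conditions>
  <actions>
    <!-- Match the user's Title against the Title column and return the
         sapRoles column of that row. The table DN is a placeholder.
         A Title with no matching row yields an empty string. -->
    <do-set-local-variable name="lvSapRole" scope="policy">
      <arg-string>
        <token-map dest="sapRoles" src="Title" table="..\SapRoleMap">
          <token-attr name="Title"/>
        </token-map>
      </arg-string>
    </do-set-local-variable>
    <!-- Only write a role when the lookup returned one, so an unmapped
         Title never results in an empty or unintended role value. -->
    <do-if>
      <arg-conditions>
        <and>
          <if-local-variable mode="regex" name="lvSapRole" op="equal">.+</if-local-variable>
        </and>
      </arg-conditions>
      <arg-actions>
        <do-add-dest-attr-value name="sapRoles">
          <arg-value type="string">
            <token-local-variable name="lvSapRole"/>
          </arg-value>
        </do-add-dest-attr-value>
        <!-- Same role, prefixed with the SAP client as in the original rules -->
        <do-add-dest-attr-value name="DirXML-sapLocRoles">
          <arg-value type="string">
            <token-text xml:space="preserve">PRDCLNT001:</token-text>
            <token-local-variable name="lvSapRole"/>
          </arg-value>
        </do-add-dest-attr-value>
      </arg-actions>
    </do-if>
  </actions>
</rule>
```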