Symantec IGA

Expand all | Collapse all

IM Global Variables: How to minimize migration headaches with environmental factors in PX rules

  • 1.  IM Global Variables: How to minimize migration headaches with environmental factors in PX rules

    Posted Jun 29, 2012 02:49 PM

    Leverage the Key Value Pairing functionality in the IM Management Console/Advance Settings/Miscellaneous/User Defined Properties

     

    Edit:  5/24/2018   Working Example:

     

     

     

     

     

     

     

    With Key Value pairs, you can define a generic name for an Active Directory Host and the real value of the hostname for each environment, but only expose the generic name to the PX rules.
    With the "environmental factor" of the real active directory host name remove from the PX rule, you will be able to migrate this PX rule from DEV to STAGE to PROD with no issues.

     

     

     

    Example:
    Define as many "User Defined Properties" as you wish, below an example with IMPS_ADS_HostName001.
    IMPS_ADS_HostName001 is the generic name that will be used in the PX rule.
    The PX rule's data element will be told how to query for this value.

     


    <!-- ******************** User Defined Properties ******************** -->
    <!-- (Optional) UserDefined describe global user-defined properties accessible from any handler/listener -->
    <!-- UserDefined contains Property elements -->
    <UserDefined>
    <Property name="managerattribute">manager</Property>
    <Property name="IMCD_hostname">imcd001.company.com</Property>
    <Property name="IMCD_port">19389</Property>
    <Property name="IMCD_admin_bind_dn">uid=me,ou=people,ou=internal,dc=company,dc=com</Property>
    <Property name="IMPS_ADS_Hostname001">adshostname001.company.com</Property>
    <Property name="IMPS_Oracle_Hostname001">oraclehostname001.company.com</Property>
    </UserDefined>

     


    FYI: In SP7+ the data source name changes from jdbc/objectstore to iam/im/jdbc/objectstore

     

    How to access these property definitions in PX rules (use data source/sql query data)
    Define a new data element in the PX rule.

     

    <DataElement>
    <Attribute name="friendlyName">Data Sources - Get 'ADSHostName001' from Object Store</Attribute>
    <Attribute name="elementType">element.type.sql.query.data</Attribute>
    <Attribute name="subElement">element.execute.prepared.statement.get</Attribute>
    <Attribute name="priority">5</Attribute>
    <PxParameter extraInfo="" index="1" uiType="TYPED">jdbc/objectstore</PxParameter>
    <PxParameter extraInfo="" index="2" uiType="TYPED">select ATTRIBUTE_VALUE from IM_ENVIRONMENT_JDBC_LD where ATTRIBUTE_NAME = 'IMPS_ADS_HostName001'</PxParameter>
    </DataElement>

     

     

     

     

     

     

    Edit:   2018/05/22   Please add your vote to this link created by divfa01

    Policy Xpress and User Defined Properties 

     

     

     

    brida02 and lagle01 have some additional examples here

    policy xpress get environment variables 



  • 2.  RE: How to minimze migration headaches with environmental factors in PX rul

    Posted Mar 28, 2014 04:03 PM

     

    Thank you Alan. Though a bit more involved than one would have expected (a simple call of a method such as getEnv within PX), this is helpful.

     

     



  • 3.  Re: How to minimize migration headaches with environmental factors in PX rules

    Posted May 23, 2018 11:03 AM

    Examples:

     

     

     

     

     

     

     

     

     

    Updated queries from other team members:

    - Placed as text to allow better search results.

     

     

    SELECT ATTRIBUTE_VALUE FROM IM_ENVIRONMENT_JDBC_LD WHERE SECTION_NAME = 'misc' AND ATTRIBUTE_NAME = 'CheckPxSecurity'
    SELECT ATTRIBUTE_VALUE FROM IM_ENVIRONMENT_JDBC_LD WHERE SECTION_NAME = 'misc' AND ATTRIBUTE_NAME = 'AuditViewTask'
    SELECT ATTRIBUTE_VALUE FROM IM_ENVIRONMENT_JDBC_LD WHERE SECTION_NAME = 'misc' AND ATTRIBUTE_NAME = 'DefaultConsole'
    SELECT ATTRIBUTE_VALUE FROM IM_ENVIRONMENT_JDBC_LD WHERE SECTION_NAME = 'misc' AND ATTRIBUTE_NAME = 'managerattribute'
    SELECT ATTRIBUTE_VALUE FROM IM_ENVIRONMENT_JDBC_LD WHERE SECTION_NAME = 'misc'

     

    SELECT ATTRIBUTE_VALUE
    FROM IM_ENVIRONMENT_JDBC_LD LD, IM_ENVIRONMENT_JDBC ENV
    WHERE SECTION_NAME = 'misc' and
                   REF_ID = ENV.UNIQUE_NAME and
                   FRIENDLYNAME = 'identityEnv' and
                   ATTRIBUTE_NAME = 'AuditViewTask'

     

     

     

     

     

     

     

    Cheers,

     

    Alan.