Defining Role Conditions

  1. On the Global Roles page, click the name of the new global role to display the Global Role Conditions page.
  2. Under Role Conditions, click Add Condition.
  3. The following prompt is displayed:

    Choose the predicate you wish to use as your new condition

  4. Choose a predicate from the list box. Typically, you choose Group. When a group is used to create a security role, the security role can be granted to all members of the group (that is, multiple users).
  5. Click Next. Depending on what you chose for your condition predicate, do one of the following steps, described in Table 22-6.
  6. Table 22-6 Condition Predicate Options 
    Condition Predicate...
    Complete These Steps...
    If you selected Group, enter one or more arguments that define the group or groups that should hold this role
    1. In the Group Argument Name field, enter an argument that defines the group.
    2. Click Add.
    3. If necessary, repeat steps 1 and 2 until you have finished adding arguments. You can click Remove to remove the arguments from the list.
    4. Click Finish.
    If you selected User, enter one or more arguments that define the user or users that should hold this role
    1. In the User Argument Name field, enter an argument that defines the user.
    2. Click Add.
    3. If necessary, repeat steps 1 and 2 until you have finished adding arguments. You can click Remove to remove the arguments from the list.
    4. Click Finish.
    If you selected Server is in development mode, Allow access to everyone or Deny access to everyone
    Click Finish.
    If you selected a time-constrained predicate such as Access occurs between specified hours, select start and end times and a GMT offset
    1. In the Starting Time field, enter the earliest permissible time in the format hh:mm:ss AM|PM. For example, enter 12:45:00 AM.
    2. In the Ending Time field, enter the latest permissible time in the format hh:mm:ss AM|PM. For example, enter 12:45:00 AM.
    3. In the GMT offset field, enter the time ahead of GMT in the format GMT+hh:mm, or behind GMT in the format GMT-hh:mm. For example, Eastern Standard Time in the USA is GMT-5:00.
    4. Click Finish.
    If you selected Context element defined, enter a context element name
    1. In the Context element name field, enter the name of the context element.
    2. Click Finish.
    If you selected Context element's value equals a numeric constant, Context element's value is greater than a numeric constant, or Context element's value is less than a numeric constant, enter a context element name and a numeric value to compare it against
    1. In the Context element name field, enter the name of the context element the value of which is to be evaluated.
    2. In the Numeric Value field, enter a numeric value.
    3. Click Finish.
    If you selected Context element's value equals a string value, enter a context element name and a string value to compare it against
    1. In the Context element name field, enter the name of the context element the value of which is to be evaluated.
    2. In the String Value field, enter the string value that you want to compare.
    3. Click Finish.
    If you selected a time-constrained predicate such as Access occurs before or Access occurs after
    1. In the Date field, enter a date in the format mm/dd/yy. For example, enter 1/1/04. You can add an optional time in the format hh:mm:ss AM|PM. For example, you can enter 1/1/04 12:45:00 AM.
    2. Click Finish.
    If you selected the time-constrained predicate Access occurs on specified days of the week, select the day of the week and a GMT offset
    1. In the Day of week field, enter the day of the week.
    2. In the GMT offset field, enter the time ahead of GMT in the format GMT+hh:mm, or behind GMT in the format GMT-hh:mm. For example, Eastern Standard Time in the USA is GMT-5:00.
    3. Click Finish.
    If you selected a time-constrained predicate such as Access occurs on a specified day of the month, Access occurs before a specified day of the month, or Access occurs after a specified day of the month
    1. In the Day of the Month field, enter the ordinal number of the day within the current month with values in the range from -31 to 31. Negative values count back from the end of the month, so the last day of the month is specified as -1. 0 indicates the day before the first day of the month.
    2. In the GMT offset field, enter the time ahead of GMT in the format GMT+hh:mm, or behind GMT in the format GMT-hh:mm. For example, Eastern Standard Time in the USA is GMT-5:00.
    3. Click Finish.

  7. If necessary, repeat the steps to add expressions based on different role conditions. In the Role Conditions section, you can do the following steps, described in Table 22-7, to modify the expressions.
  8. Table 22-7 Role Conditions Options 
    To...
    Complete These Steps...
    Change the ordering of the selected expression.
    Click Move Up and Move Down.
    Merge or unmerge role conditions and switch the highlighted and or statements between expressions.
    Click Combine and Uncombine.
    Make a condition negative; for example, NOT Group Operators excludes the Operators group from the role.
    Click Negate.
    Delete a selected expression.
    Click Remove.

  9. When all the expressions in the Role Conditions section are correct, click Save.
  10. To end the session and deploy the configuration to the run time, click Activate under Change Center.