In Designer, you can create Rules and within those rules you can have
Condition Groups.

So let's say I have a rule:
Scoping

and the rule has a Condition Group 1
If class name = user
and
if source-dn = not in subtree XYZ

Action:
Veto

But you also need to check for other things like:

If attribute: ABC
does not contain: XYZ

Action:
Veto

Does it matter if you create the attribute checking in another Condition
Group (ie: Condition Group 2) within Rule #1

or

Create Rule #2, and create Condition Group #1?

Does IDM process the items in order that you see them in Designer? (ie:
Rule #1, the condition groups within, then on to Rule #2, the condition
groups within, etc.)?

And if so, what happens once it finds a matching rule? Does it "stop"
or continue on to the other groups/rules?

I know there's exceptions like if you use an Action: Break

And, trying to be "efficient", would the ordering matter if IDM evalutes
all the rules, etc. first?


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=48451