000011870 - How to write Policy Rules that only apply to users in a specific status.

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Number: 000011870
Issue: How to write Policy Rules that only apply to users in a specific status.
Resolution

The changes below create a rule that fires when a user is in the NotEnrolled status. It can easily be modified to trigger on other conditions, such as a user who is locked out.

In the policy rules file signinDeviceOnly.drl, add the following to the import section at the top:

      <import>com.passmarksecurity.api.UserStatus</import>
      <import>com.rsa.csd.api.RsaUser</import>

Then, in the main rules section, add the following new rule:

      <!--
            Detect users who are not enrolled.
            The rule name is used as the entry key in c-config-forensic.xml.
       -->

      <rule name="NotEnrolled" no-loop="true" salience="999">
            <parameter identifier="facts">
                  <class>com.rsa.csd.api.facts.Fact</class>
            </parameter>

            <parameter identifier="risk">
                  <class>AuthRiskResult</class>
            </parameter>

            <java:condition>
                  ((RsaUser)facts.getValue("user.legacyObject")).getStatus().toString().equals(UserStatus._NOTENROLLED)
            </java:condition>

            <java:consequence>
                  drools.retractObject(facts);
                  drools.retractObject(risk);
            </java:consequence>

      </rule>

Finally, in c-config-forensic.xml, create a policy entry for the new rule (the key must match the rule name):

                        <entry key="NotEnrolled">
                              <value>ALLOW</value>
                        </entry>
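The three steps above together form one rule. As an added example that is not part of the RSA article, the same rule is shown below with a null guard on the legacy user object, so a fact that carries no user does not throw a NullPointerException inside the rule engine and silently abort policy evaluation. The condition is wrapped in a CDATA section because the `&&` operator is not well-formed XML outside one. The rule name `NotEnrolled` is assumed to match the policy entry key used in c-config-forensic.xml; the class and property names are the ones the article uses.

```xml
<!--
      Added example: null-safe version of the NotEnrolled rule.
      To target a different status (for example locked-out users), replace
      UserStatus._NOTENROLLED with the corresponding UserStatus constant
      (look it up in the UserStatus class; it is not given here) and give the
      rule and its c-config-forensic.xml entry a matching new name.
-->
<rule name="NotEnrolled" no-loop="true" salience="999">
      <parameter identifier="facts">
            <class>com.rsa.csd.api.facts.Fact</class>
      </parameter>

      <parameter identifier="risk">
            <class>AuthRiskResult</class>
      </parameter>

      <!-- Short-circuit && guarantees getStatus() is only called on a non-null user. -->
      <java:condition><![CDATA[
            facts.getValue("user.legacyObject") != null &&
            ((RsaUser)facts.getValue("user.legacyObject")).getStatus().toString().equals(UserStatus._NOTENROLLED)
      ]]></java:condition>

      <java:consequence>
            <!-- Retracting both objects stops further rules from firing for this request. -->
            drools.retractObject(facts);
            drools.retractObject(risk);
      </java:consequence>
</rule>
```

Keeping the null check and the status comparison in a single condition is deliberate: splitting them into two `java:condition` elements would leave the evaluation order up to the engine, whereas Java's `&&` short-circuits within one expression.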

Legacy Article ID: a52670