Adding a Rule-Based Role
A rule-based role is based on a server rule. Any user, group, or role that matches the rule is a member of the role.
To create a rule-based role
1. To navigate to the correct page, do one of the following:
In
My webMethods:
Navigate > Applications > Administration > System-Wide > User Management > Roles > Add Role.
As system administrator:
Administration Dashboard > User Management > Manage Roles > Add Role.
2. In the Role Name field, type the name you want to assign to the new role.
Valid role names can contain only letters, numbers, an underscore, or a space character.
3. To select the Rule Based Role Provider, move that role provider to the Selected Items box.
4. Click Create Role.
5. Under the Match Criteria heading, select Match All Criteria Below or Match Any Criteria Below as the criteria for the rule-based role.
6. Fill in the appropriate match criteria for the rule-based role using the following guidelines:
User DN Value(s): A regular expression that matches any part of the current user's directory distinguished name (DN). In the field, type the portions of the DN to which you want a match.
For example, ou=Engineering.*ou=US matches a user with the following DN:
uid=joe,ou=Development,ou=Engineering,ou=Midwest,ou=US,o=webMethods
Domain Name Expression: A regular expression that matches any part of the name of the current user's directory service as registered in My webMethods Server. In the field, type the directory service name to which you want a match.
For example, US (without quotes) matches a user from the US Corporate directory service. This is a very effective way to govern the look and feel for users that may be in different user directories, such as partners.
Group DN and Role DN Expression: A regular expression that matches any part of any group or role of which the current user is a member. In the field, type the portions of the DN to which you want a match.
For example, ou=Engineering matches a user belonging to a group with the following DN:
cn=portal,ou=Engineering,ou=Midwest,ou=US,o=webMethods.
User Attributes: One or more pairs of user attributes and their values from the user’s record. If you have more than one user attribute, the value set in Match Criteria determines how attributes are matched:
Match All Criteria Below - Each regular expression must match some part of the corresponding attribute value for the current user.
Match Any Criteria Below - Any regular expression in the list can match some part of the corresponding attribute value for the current user.
For example, if the rule is configured to match all criteria, and the configured user attribute pairs are listed in the following table:
Name | Value |
office | Bellevue |
telephonenumber | (425) 564-0000 |
and the current user's attribute values are listed in the following table:
Name | Value (current user) |
office | Bellevue |
telephonenumber | (206) 123-4567 |
the rule does not match the current user because it matches the office attribute value but not the telephonenumber attribute value. If, however, the rule is configured to match any criteria, the preceding example rule does match the current user.
To create an attribute-value pair, click Add. At the prompt, type the attribute name and click OK. At the prompt, type the value to be matched and click OK.
Request Headers: One or more pairs of HTTP header attributes and values. You can match anything that appears within an HTTP header, such as the browser agent string or the kinds of MIME types the user will accept. The rule can be a regular expression, or a simple text string. If you have more than attribute-value pair, the value set in Match Criteria determines how attributes are matched:
Match All Criteria Below - Each regular expression must match some part of the corresponding attribute value for the request header.
Match Any Criteria Below - Any regular expression in the list must match some part of the corresponding attribute value for the request header.
For example, if the rule is configured to match all criteria, and the configured request header pairs are listed in the following table:
Name | Value |
Accept-Charset | utf-8 |
Accept-Language | ja |
and the request header values for the current user are listed in the following table:
Name | Value (current user) |
Accept-Charset | ISO-8859-1,utf-8;q=0.7 |
Accept-Language | en-us,en;q=0.5 |
the rule does not match the current user because it matches the Accept-Charset header value but not the Accept-Language header value. If, however, the rule was configured to match any criteria, the rule does match the current user.
To create an attribute-value pair, click Add. At the prompt, type the attribute name and click OK. At the prompt, type the value to be matched and click OK.
Parent Resource: A resource that matches the current resource or a parent of the current resource. To select a resource, click Browse to open the resource selector and select a resource against which to match the rule.If you want match a resource that is referenced by an alias, you can optionally click Use Alias to select an existing alias on My webMethods Server.
Resource Type: A resource type that matches the current resource type. To select a resource type, click Browse to open the resource selector and select a resource type, from the Extended Types folder, against which to match the rule.If you want match a resource type that is referenced by an alias, you can optionally click Use Alias to select an existing alias on My webMethods Server.
Resource Property: One or more pairs of resource properties and values. If you know the internal name of a property associated with a resource, you can match it. If you have more than one property-value pair, the value set in Match Criteria determines how properties are matched:
Match All Criteria Below - Each regular expression must match some part of the corresponding attribute value for the request header.
Match Any Criteria Below - Any regular expression in the list must match some part of the corresponding attribute value for the request header.
For example, if you want to match files that are PDFs, the property-attribute pair is mimeType=pdf.
To create an property-value pair, click Add. At the prompt, type the attribute name and click OK. At the prompt, type the value to be matched and click OK.
7. Click Apply.