Workflow › Policy-Based Workflow › Objects of Rules

Objects of Rules

A CA Identity Manager administrator can create approval policies for an event or admin task based on the following objects. The following are the objects for an event if they apply to a given event and are present during event execution:

• Initiator of the task – The CA Identity Manager administrator who executes the task.
• Primary object of the event – The primary object associated with the event.
• Secondary object of the event – The secondary object associated with the event relative to the primary object.

The following are the objects for an admin task:

• Primary Object of the Task – The primary object associated with the task
• Initiator of the Task - The CA Identity Manager administrator who executes the task.
• Identity Policy Violations - For identity policy violations, the rules are based on the policy name of the identity policy that caused the violation, for example, Policy Name EQUALS TitlePolicy. The violation message is displayed on the Task Details tab of the Approval Screen which is the same as the View Submitted Tasks Task Details. The SOD violation message is displayed under a new section heading named Identity Policy Violation. An approver can view these messages and decide to approve or reject the task.

  Note: If a rule is based on Identity Policy Violation, the evaluation is different from normal evaluation. An SOD violation once approved does not invoke any other workflow process even if there are other rules that may evaluate to true for that particular SOD violation. With normal evaluation, all workflow processes one-by one even if the same change while the normal evaluation is, it will invoke all the workflow processes one-by-one even if the same change has been approved by other approvers.