Using the Rule Editor

Rules are associated with system activities on a variety of pages (such as the Schedule Certification, Edit Application, and Edit Policy pages), and throughout the IdentityIQ user interface. At these points, an existing rule can be selected to attach to the activity. Most, but not all, of these UIs also provide an entry point to the Rule Editor, for writing new rules or editing existing rules. Some UIs, such as the Rapid Setup Configuration pages, allow you to select rules but do not provide a direct link to the Rule Editor.

To edit an existing rule, first select the rule, then click the [...] button to open the Rule Editor.

To create a new rule, click the [...] button without selecting an existing rule, and a blank Rule Editor window is opened where you can create a new rule.

Rule Editor Fields

The Rule Editor uses these fields to define the rule and its business logic:

Copy From Existing Rule

If you want to reuse existing code in your new rule, select an existing rule to copy.

Rule Name

Enter a unique name for the new rule, that clearly describes the purpose. It is useful to include the type of rule in the name, such as "Customization – My App," or "Exclusion – Inactive Users."

Description

Enter text that describes the purpose of the rule and what it does.

Arguments and Returns

These sections list the input variables (Arguments) that can be used in the script, and the return information (Returns). Click on any of the arguments or returns to show more detailed information. These fields cannot be changed in the Rule Editor.

Rule Type

The rule type determines the purpose of the rule and where it can appear in dropdown lists in the IdentityIQ UI. In most cases, the Rule Editor does not allow you to change the Rule Type.

Rule Editor

In the main editor of this UI, enter the BeanShell code for the rule. The rule cannot be saved until some code is entered. Note that no validation is performed; even if the rule is syntactically incorrect, it is accepted and saved. Incorrect rules may result in tasks, workflows or certifications failing to execute, and in errors and large stack traces in the log files.