In creating rules for a role, you may include >=, <=, <, and > operators. However, these operators are evaluated as strings by the LDAP directory or relational database. Most user stores compare strings based on the alphabet. Therefore, in comparing 500 to 1100, the user store may determine that 500 is greater because 5 is greater than 1.
You may be able to change the way strings are compared in the user store. Consult the documentation for the LDAP directory service or relational database software.
CA IdentityMinder processes OR statements before AND statements. Consider the following example:
where(company=CA and city=Boston or city=Framingham)
In this example, CA IdentityMinder processes (Boston or Framingham) first and then performs the logical AND with company=CA.
|
Copyright © 2013 CA.
All rights reserved.
|
|