Programming Guides › Programming Guide for Perl › CLI Policy Management Methods › CLI Policy Methods

CLI Policy Methods

ActiveExpr Method—Sets or Retrieves the Active Expression Associated with the Policy

The ActiveExpr method sets or retrieves the active expression associated with the policy.

Syntax

The ActiveExpr method has the following format:

Netegrity::PolicyMgtPolicy‑>ActiveExpr([activeExpr])

Parameters

The ActiveExpr method accepts the following parameter:

activeExpr (string)

(Optional) Specifies the active expression to set.

Return Value

The ActiveExpr method returns one of the following values:

• The new or existing active expression
• undef if the call is unsuccessful

AddRule Method—Adds a Rule to the Policy

The AddRule method adds a rule to the policy.

Syntax

The AddRule method has the following format:

Netegrity::PolicyMgtPolicy‑>AddRule(rule)

Parameters

The AddRule method accepts the following parameter:

rule (PolicyMgtRule)

Specifies the rule to add.

Return Value

The AddRule method returns one of the following values:

• 0 if the call is successful
• -1 if the call is unsuccessful

AddUser Method—Adds a User to the Policy

The AddUser method adds a user to the policy.

Syntax

The AddUser method has the following format:

Netegrity::PolicyMgtPolicy‑>AddUser(user [, iExcludeUser] [, iRecursiveFlag] [, iANDUserFlag])

Parameters

The AddUser method accepts the following parameters:

user (PolicyMgtUser)

Specifies the user to add.

iExcludeUser (int)

(Optional) Specifies whether to exclude a user:

• 1 excludes the user
• 0 includes the user

  iRecursiveFlag (int)

(Optional) Specifies the setting for the AllowNested flag:

• 1 sets the AllowNested flag
• 0 disables the AllowNested flag

  iANDUserFlag (int)

(Optional) Specifies the setting for the AND flag:

1 set the AND flag

0 disables the AND flag

Return Value

The AddUser method returns one of the following values:

• 0 if the call is successful
• -1 if the call is unsuccessful

AllowNested Method—Sets or Retrieves the AllowNested Flag

The AllowNested method sets or retrieves the AllowNested flag.

Syntax

The AllowNested method has the following format:

Netegrity::PolicyMgtPolicy‑>AllowNested(user[, iRecursiveFlag])

Parameters

The AllowNested method accepts the following parameters:

user (PolicyMgtUser)

Specifies the user for which to set or retrieve the AllowNested flag.

iRecursiveFlag (int)

(Optional) Specifies the value of the AllowNested flag:

• 1 for recursive evaluation
• 0 for non-recursive evaluation

If this is not passed, the function returns the current value of the AllowNested flag. The flag applies to all the users added to the policy for a particular user directory.

Return Value

The AllowNested method returns one of the following values:

• 0 if AllowNested flag is removed successfully.
• 1 if AllowNested flag is set successfully.
• -1 if the call is unsuccessful

CreateIPHostConfigName Method—Creates an IP Address Configuration

The CreateIPConfigHostName method creates an IP Address configuration based on the host name passed to the method. For the policy to fire, a request must come from the machine with the passed host name.

Syntax

The CreateIPConfigHostName method has the following format:

Netegrity::PolicyMgtPolicy‑>CreateIPConfigHostName(hostName)

Parameters

The CreateIPConfigHostName method accepts the following parameter:

hostName (string)

Specifies the host name required for the policy to fire.

Return Value

The CreateIPConfigHostName method returns one of the following values:

• A PolicyMgtIPConfig object
• undef if the call is unsuccessful

CreateIPConfigRange Method—Creates an IP Address Configuration

The CreateIPConfigRange method creates an IP Address configuration based on the range of IP addresses passed to the method. For the policy to fire, a request must come from a machine with an IP address that falls within the range.

Syntax

The CreateIPConfigRange method has the following format:

Netegrity::PolicyMgtPolicy‑>CreateIPConfigRange(ipAddr1, ipAddr2)

Parameters

The CreateIPConfigRange method accepts the following parameters:

ipAddr1 (string)

Specifies the beginning IP address in the range of accepted addresses.

ipAddr2 (string)

Specifies the ending IP address in the range of accepted addresses.

Return Value

The CreateIPConfigRange method returns one of the following values:

• A PolicyMgtIPConfig object
• undef if the call is unsuccessful

CreateIPConfigSingleHost Method—Creates an IP Address Configuration

The CreateIPConfigSingleHost method creates an IP Address configuration based on the IP address passed to the method. For the policy to fire, a request must come from the machine with the passed IP address.

Syntax

The CreateIPConfigSingleHost method has the following format:

Netegrity::PolicyMgtPolicy‑>CreateIPConfigSingleHost(ipAddr)

Parameters

The CreateIPConfigSingleHost method accepts the following parameter:

ipAddr (string)

Specifies the IP address required for the policy to fire.

Return Value

The CreateIPConfigSingleHost method returns one of the following values:

• A PolicyMgtIPConfig object
• undef if the call is unsuccessful

CreateIPConfigSubnetMask Method—Creates an IP Address Configuration Based on the IP Address and Subnet Mask

The CreateIPConfigSubnetMask method creates an IP Address configuration based on the IP address and subnet mask passed to the method. For the policy to fire, a request must come from the subnet address derived from the passed IP address and subnet mask.

Syntax

The CreateIPConfigSubnetMask method has the following format:

Netegrity::PolicyMgtPolicy‑>CreateIPConfigSubnetMask(ipAddr, subnetMask)

Parameters

The CreateIPConfigSubnetMask method accepts the following parameters:

ipAddr (string)

Specifies the IP address used to derive the subnet address.

subnetMask (unsigned long)

Specifies the subnet mask used to derive the subnet address.

Return Value

The CreateIPConfigSubnetMask method returns one of the following values:

• A PolicyMgtIPConfig object
• undef if the call is unsuccessful

Remarks

The subnet mask value is a number of bits. To arrive at this value, count the bits in the binary value of the address. For example, suppose the subnet mask is 255.255.255.128. The binary format is:

11111111 11111111 11111111 10000000

Counting from left to right, the number to pass in subnetMask would be 25.

DeleteIPConfig Method—Deletes the Specified IP Configuration Object

The DeleteIPConfig method deletes the specified IP configuration object.

Syntax

The DeleteIPConfig method has the following format:

Netegrity::PolicyMgtPolicy‑>DeleteIPConfig(ipConfig)

Parameters

The DeleteIPConfig method accepts the following parameters:

ipConfig (PolicyMgtIPConfig)

Specifies the IP configuration object to delete.

Return Value

The DeleteIPConfig method returns one of the following values:

• 0 if the deletion is successful
• -1 if the call is unsuccessful

Description Method—Sets or Retrieves the Description of the Policy

The Description method sets or retrieves the description of the policy.

Syntax

The Description method has the following format:

Netegrity::PolicyMgtPolicy‑>Description([policyDesc])

Parameters

The Description method accepts the following parameter:

policyDesc (string)

Specifies the description to set.

Return Value

The Description method returns one of the following values:

• The new or existing policy description
• An empty if the call is unsuccessful

EnforceANDEvaluation Method—Sets or Retrieves the ANDUser/Group Flag

The EnforceANDEvaluation method sets or retrieves the ANDUser/Group flag depending on the value of the iANDUserFlag.

Syntax

The EnforceANDEvaluation method has the following format:

Netegrity::PolicyMgtPolicy‑>EnforceANDEvaluation(user[, iANDUserFlag])

Parameters

The EnforceANDEvaluation method accepts the following parameters:

user (PolicyMgtUser)

Specifies the user for which to set or retrieve iANDUserFlag.

iANDUserFlag (int)

(Optional) Specifies whether to enforce AND evaluation:

1 to enforce AND evaluation

0 to remove AND evaluation

If this argument is not passed, the function returns the current value of iANDUserFlag. This flag applies to all the users added to the policy for a particular user directory.

Return Value

The EnforceANDEvaluation method returns one of the following values:

• 0 if ANDUser/Group flag is removed successfully.
• 1 if ANDUser/Group flag is set successfully.
• -1 if the call is unsuccessful

ExcludeUser Method—Excludes or Includes a User from the Policy

The ExcludeUser method excludes or includes a user from the policy depending on the value of iExcludeFlag.

Syntax

The ExcludeUser method has the following format:

Netegrity::PolicyMgtPolicy‑>ExcludeUser(user[, iExcludeFlag])

Parameters

The ExcludeUser method accepts the following parameters:

user (PolicyMgtUser)

Specifies the user to exclude or include.

iExcludeFlag (int)

(Optional) Specifies whether to exclude the specified user:

• 1 to exclude the user
• 0 to include the user

If this argument is not passed, the function returns the current value of iExcludeFlag.

Return Value

The ExcludeUser method returns one of the following values:

• 0 if the user is included successfully.
• 1 if the user is excluded successfully.
• -1 if the call is unsuccessful

GetAllIPConfigs Method—Retrieves All IP Address Restriction Objects in the Policy

The GetAllIPConfigs method retrieves all IP address restriction objects in the policy.

Syntax

The GetAllIPConfigs method has the following format:

Netegrity::PolicyMgtPolicy‑>GetAllIPConfigs( )

Parameters

The GetAllIPConfigs method accepts no parameters.

Return Value

The GetAllIPConfigs method returns one of the following values:

• An array of PolicyMgtIPConfig objects
• undef if no IP address restriction objects are found.

Remarks

See the PolicyMgtIPConfig‑>GetType method for information about IP address restrictions and IP address restriction types.

GetAllRules Method—Retrieves All Rules Associated with the Policy

The GetAllRules method retrieves all rules associated with the policy.

Syntax

The GetAllRules method has the following format:

Netegrity::PolicyMgtPolicy‑>GetAllRules()

Parameters

The GetAllRules method accepts no parameters.

Return Value

The GetAllRules method returns one of the following values:

• An array of PolicyMgtRule objects
• undef if no rules are found, or if the call is unsuccessful

GetAllUsers Method—Retrieves All Users Associated with the Policy

The GetAllUsers method retrieves all users associated with the policy. If a user directory is specified, only those users associated with that directory are retrieved.

Syntax

The GetAllUsers method has the following format:

Netegrity::PolicyMgtPolicy‑>GetAllUsers([userDir])

Parameters

The GetAllUsers method accepts the following parameter:

userDir (PolicyMgtUserDir)

(Optional) Specifies that only users associated with this user directory are retrieved.

Return Value

The GetAllUsers method returns one of the following values:

• An array of PolicyMgtUser objects
• undef if no users were found, or if the call is unsuccessful

IsEnabled Method—Enables or Disables the Policy

The IsEnabled method enables or disables the policy.

Syntax

The IsEnabled method has the following format:

Netegrity::PolicyMgtPolicy‑>IsEnabled([enableFlag])

Parameters

The IsEnabled method accepts the following parameter:

enableFlag (int)

(Optional) Specifies whether to enable or disable the policy:

• 0 disables the policy.
• 1 enables the policy.

Return Value

The IsEnabled method returns one of the following values:

• 1 if the policy is enabled.
• 0 if the policy is disabled.
• -1 if the call is unsuccessful

Name Method—Sets or Retrieves the Policy Name

The Name method sets or retrieves the policy name.

Syntax

The Name method has the following format:

Netegrity::PolicyMgtPolicy‑>Name([policyName])

Parameters

The Name method accepts the following parameter:

policyName (string)

(Optional) Specifies the name to assign to the policy.

Return Value

The Name method returns one of the following values:

• A new or existing policy name
• undef if the call is unsuccessful

RemoveResponse Method—Removes the Response for a Configured Rule in the Policy

The RemoveResponse method removes the response for a configured rule in the policy.

Syntax

The RemoveResponse method has the following format:

Netegrity::PolicyMgtPolicy‑>RemoveResponse(rule)

Parameters

The RemoveResponse method accepts the following parameter:

rule (PolicyMgtRule)

Specifies the rule whose response should be removed.

Return Value

The RemoveResponse method returns one of the following values:

• 0 if the call is successful
• -1 if the call is unsuccessful

RemoveRule Method—Removes the Specified Rule from the Policy

The RemoveRule method Removes the specified rule from the policy.

Syntax

The RemoveRule method has the following format:

Netegrity::PolicyMgtPolicy‑>RemoveRule(rule)

Parameters

The RemoveRule method accepts the following parameter:

rule (PolicyMgtRule)

Specifies the rule to remove.

Return Value

The RemoveRule method returns one of the following values:

• 0 if the call is successful
• -1 if the call is unsuccessful

RemoveUser Method—Removes a User from the Policy

The RemoveUser method removes a user from the policy.

Syntax

The RemoveUser method has the following format:

Netegrity::PolicyMgtPolicy‑>RemoveUser(user)

Parameters

The RemoveUser method accepts the following parameters:

user (PolicyMgtUser)

Specifies the user to remove.

Return Value

The RemoveUser method returns one of the following values:

• 0 if the call is successful
• -1 if the call is unsuccessful

SetResponse Method—Sets the Response for a Configured Rule in the Policy

The SetResponse method sets the response for a configured rule in the policy.

Syntax

The SetResponse method has the following format:

Netegrity::PolicyMgtPolicy‑>SetResponse(rule, response)

Parameters

The SetResponse method accepts the following parameters:

rule (PolicyMgtRule)

Specifies the rule whose response is being set.

response (PolicyMgtResponse)

Specifies the response to set.

Return Value

The SetResponse method returns one of the following values:

• 0 if the call is successful.
• -1 if the call is unsuccessful.