

Expression Syntax Overview

The syntax described in this appendix belongs to an internal CA SiteMinder® expression evaluator. When you define Roles or Entitlements in the Administrative UI, you can use the data types, operators, and built-in functions that comprise this syntax in expressions. An unnamed expression is local to the particular Role or Entitlement that you are defining. Alternatively, you can use named expressions, which are defined globally.

Named expressions include virtual user attributes (whose names begin with #) and user classes (whose names begin with @).

A virtual user attribute calculates a value when the required information cannot be read directly from a user's directory entry. Virtual user attributes return a string, number, or Boolean value. For example, if you wanted to format name information so that it could be used frequently for sorting, you could define a virtual user attribute called #SortName in the user interface as follows:

UCase(RTrim(LastName + "," + FirstName + " " + Initial))

This example uses two built-in functions, UCASE and RTRIM. Note that these names are not case sensitive.

A user class is an expression that determines whether a user belongs to a particular category based on user type, such as a manager or an administrator. A user is either a member of a particular user class or not, so the result of a user class expression is always Boolean.

When you define a virtual user attribute or user class, you can specify that it is private, which means that it can only be called from other named expressions. Similarly, some of the built-in functions are designated as privileged functions, which means that they can only be called from within another named expression. Privileged functions are noted in the Remarks section as "Privileged". Functions that accept one or more LDAP Distinguished Names as parameters are noted in the Remarks section as "LDAP Only".