In addition to using the Available Members list in the Policy Users/Groups Dialog to specify users and groups to be included in a policy, you can specify a user or search string in the Manual Entry group box.
Note: When you create or modify a Policy Server object in the Policy Server User Interface, use ASCII characters. Object creation or modification with non-ASCII characters is not supported.
To add a user by manual entry
For LDAP directories, enter a valid DN in the Manual Entry field.
When entering a manual entry for an LDAP user directory, you can also select one of the following from the Action drop-down list:
Indicates that the LDAP search specified in the Entry field is limited to matches in user entries.
Indicates that the LDAP search specified in the Entry field is limited to matches in group entries.
Indicates that the LDAP search specified in the Entry field is limited to matches in organization entries.
Indicates that the LDAP search specified in the Entry field is limited to matches in user, group, and organization entries.
For Microsoft SQL Server, Oracle, and WinNT directories, enter a user name in the Manual Entry field.
For Microsoft SQL Server or Oracle, you can enter a SQL query instead. For example:
SELECT NAME FROM EMPLOYEE WHERE JOB = 'MGR';
The Policy Server will perform the query as the database user specified in the Username field of the Credentials and Connection tab for the user directory. When constructing the SQL statement for the Manual Entry field, you need to be familiar with the database schema for the user directory. For example, if you are using the SmSampleUsers schema and want to add specific users, you could select from the SmUser table.
Note: For an LDAP directory, you can enter the value all in the Manual Entry field to bind the policy to the entire LDAP directory.
The Policy Server User Interface adds the user or query to the Current Members list.
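A pre-check an administrator could run on a SQL string before pasting it into the Manual Entry field, given that the Policy Server performs the query as the configured database user and that non-ASCII characters are not supported. This is an added example, not CA code or Policy Server behavior; the function names, keyword list and sample entries are assumptions made for illustration.

```python
import re

# Constructed deny-list for this example: keywords that change data or schema.
WRITE_KEYWORDS = re.compile(
    r"\b(insert|update|delete|merge|into|drop|alter|create|truncate|"
    r"grant|revoke|exec|execute|call)\b",
    re.IGNORECASE,
)
SMART_QUOTES = "\u2018\u2019\u201c\u201d"  # typographic single/double quotes


def strip_literals(sql):
    """Blank out '...' literals so keywords inside data are not flagged."""
    return re.sub(r"'(?:[^']|'')*'", "''", sql)


def check_manual_entry_sql(entry):
    """Hypothetical pre-check; returns a list of problems (empty = passed)."""
    problems = []
    if any(ch in SMART_QUOTES for ch in entry):
        problems.append("typographic quotes; use straight quotes")
    elif not entry.isascii():
        problems.append("non-ASCII characters are not supported")
    body = strip_literals(entry).strip()
    if body.endswith(";"):  # one trailing semicolon, as in the page's sample
        body = body[:-1].rstrip()
    if body.count("'") % 2:
        problems.append("unbalanced quote")
    if ";" in body:
        problems.append("more than one statement")
    if "--" in body or "/*" in body:
        problems.append("SQL comment sequence")
    if not re.match(r"select\b", body, re.IGNORECASE):
        problems.append("does not start with SELECT")
    if WRITE_KEYWORDS.search(body):
        problems.append("data- or schema-changing keyword")
    return problems


# Constructed sample entries; the first is the query from this page.
SAMPLES = [
    "SELECT NAME FROM EMPLOYEE WHERE JOB = 'MGR';",
    "SELECT NAME FROM EMPLOYEE WHERE JOB =\u2019MGR\u2019;",
    "UPDATE EMPLOYEE SET JOB = 'MGR'",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", check_manual_entry_sql(s) or "ok")
```

A check like this complements, and does not replace, giving the database user on the Credentials and Connection tab read-only access to the user tables.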
Copyright © 2011 CA. All rights reserved.