- Name and description of the rule are used for configuration management and diagnostics. The rule name will be displayed in the log files when the rule is processesprocessed.
- Focal object that the rule applies to. This defines that object that is being changed. E.g. this is the user that receives a new assignment. Or it is the role that is being created.
- Target object (optional). This is used when applying the rule to the assignment. The target object represents the target of the assignment, which is usually a role, org or a service.
- Condition (optional) when the rule should be applied. If the condition is not specified it is assumed to be true.
- Policy constraints specify when the rule is triggered. E.g. the rule may be triggered when a role is assigned, when the role is changed, when the role is not assigned to any user or when it is assigned to too many persons and so on.
- Policy situation is an identifier of a situation which is the result of this rule. The situation identifier is stored together with the affected object or assignment and it can be used for reporting.
- Policy actions specify the actions that are to be taken when the rule is triggered. The actions may range from strong enforcement of the rule (i.e. prohibit the operation) through Approval to a very mild actions such as notifications.