
<!DOCTYPE html>

<html data-lt-installed="true">

  <head>


    <meta http-equiv="content-type" content="text/html; charset=UTF-8">

  </head>

  <body style="padding-bottom: 1px;">

    <p>Hi everyone,</p>

    <p>I have a setup with delegated administration, which allows

      different admins access to a multi-value property of certain users

      independently of each other.<br>

      These admins should only be able to put certain values that match

      their individual responsibility into the property.</p>

    <p>Is there a way to limit the modification of properties by their

      value?<br>

      I would imagine there is some way to achieve this using policies.<br>

      However, I have been unable to figure out a way to obtain the

      delta that a modification entails in an expression within a

      policyAction.<br>

      My attempt thus far looks like this:<br>

    </p>

    <p> <globalPolicyRule><br>

              <name>modify-attr</name><br>

              <focusSelector><br>

                  <type>UserType</type><br>

              </focusSelector><br>

              <policyConstraints><br>

                  <or><br>

                      <modification><br>

                          <operation>add</operation><br>

                          <item>extension/attr</item><br>

                      </modification><br>

                      <modification><br>

                          <operation>modify</operation><br>

                          <item>extension/attr</item><br>

                      </modification><br>

                      <modification><br>

                          <expression><br>

                              <script><br>

                                  <code><br>

                                     <br>

    </p>

    <p>                               // Some expression to potentially

      check whether the modification is valid<br>

    </p>

    <p>                            </code><br>

                              </script><br>

                          </expression><br>

                      </modification><br>

                  </or><br>

              </policyConstraints><br>

              <policyActions><br>

                 <enforcement><br>

                     <condition><br>

                         <script><br>

                             <code><br>

                                </p>

    <p>                          //Some expression to potentially check

      whether the modification is valid...</p>

    <p><br>

    </p>

    <p>                       </code><br>

                         </script><br>

                     </condition><br>

                 </enforcement><br>

              </policyActions><br>

          </globalPolicyRule></p>

    <p>Both expressions don't seem to have a variable containing the

      modification itself as input.<br>

      Am I missing something?<br>

      I would have expected access to the specific modification at least

      in the policyConstraint section.</p>

    <p>Any help would be appreciated!</p>

    <p>Thanks in advance and regards, <br>

    </p>

    <p>Sven<br>

    </p>

    <pre class="moz-signature" cols="72">-- 

Sven Feyerabend

stuvus – Studierendenvertretung Universität Stuttgart

Pfaffenwaldring 5c

70569 Stuttgart</pre>

  </body>

  <lt-container></lt-container>

</html>