Novell ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER Manual page 233

Modify Policy: Allows the service provider to modify a particular attribute. This is similar to
write access to a particular piece of data.
Query and Modify: Allows you to set both options at once.
5 To edit child attributes of the parent, click the policy.
In the following example, child attributes are inheriting Ask Me permission from the parent
Entire Personal Identity attribute. The Postal Address attribute, however, is modified to never
allow permission for sharing.
If you click the Postal Address attribute, all of its child attributes have inherited the Never
Allow setting. You can specify different permission attributes for Address Type (for example),
but the inherited policy still overrides changes made at the child level, as shown below.
The interface allows these changes in order to simplify switching between configurations if, for
example, you want to remove an inherited policy.
Inherited: Specifies the settings inherited from the parent attribute policy, when you view a
child attribute. In the User Portal, settings displayed under Inherited are not modifiable by the
user. At the top-level policy in the User Portal, the values are inherited from the settings in the
Administration Console. Thereafter, inheritance can come from the service policy or the parent
data item's policy.
Ask Me: Specifies that the service provider requests from the user what action to take.
Always Allow: Specifies that the identity provider always allows the attribute data to be sent to
the service provider.
Never Allow: Specifies that the identity provider never allows the attribute data to be sent to
the service provider.
Configuring Liberty Web Services 233