Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 50

6 In Condition Group 1, select the conditions the user must meet:
Liberty User Profile: Select Entire Personal Identity > Entire Common Name > Common
Analyzed Name > Common Last Name.
If these options are not available, you haven't enabled the Liberty attributes. Click Identity
Servers > Edit > Liberty > Web Service Provider, then enable one or more of the following:
Employee Profile or Personal Profile.
Comparison: Select how you want the attribute values to be compared. For the Common Last
Name attribute, select String > Equals.
Mode: Select Case Insensitive.
Value: Select Data Entry Field and type the person's name in the box (Smith, in this example).
This sets up the condition that if the user has the name Smith, his or her role as Manager is
activated at authentication.
Result on Condition Error: This sets up the results that are returned if an error occurs while
evaluating the condition (for example, the LDAP server goes down). This rule is set up to grant
the user the role of Manager if the condition evaluates to True. If an error occurs, you do not
want random users assigned the role of Manager. Therefore, for this rule, you need to select
False.
7 In the Actions section, click Activate Role.
50 Novell Access Manager 3.1 SP2 Policy Guide