Chapter 10 Managing Access Policies

Configuring Compound Conditions

Related Topics

Compound Condition Building Blocks, page 10-40

Using the Compound Expression Builder, page 10-44

Using the Compound Expression Builder

 

You construct compound conditions by using the expression builder in Rule Properties pages. The

 

expression builder contains two sections: a predicate builder to create primary conditions and controls

 

for managing the expression.

 

In the first section, you define the primary conditions. Choose the dictionary and attribute to define the

 

operand, then choose the operator, and specify a value for the condition. Use the second section to

 

organize the order of conditions and the logical operators that operate on or between binary conditions.

 

Table 10-22describes the fields in the compound expression builder.

Table 10-22

Expression Builder Fields

 

 

Field

Description

 

 

Condition

Use this section to define the primary conditions.

 

 

Dictionary

Specifies the dictionary from which to take the operand. These available options depend on the policy that

 

you are defining. For example, when you define a service selection policy, the Identity dictionaries are not

 

available.

 

 

Attribute

Specifies the attribute that is the operand of the condition. The available attributes depend on the dictionary

 

that you chose.

 

 

Operator

The relational operator content is dynamically determined according to the choice in the preceding operand

 

field.

 

 

Value

The condition value. The type of this field depends on the type of condition or attribute. Select one of the

 

following two options:

Static—If selected, you have to enter or select the static value depending on attribute type.

Dynamic—If selected, you can select another dictionary attribute to compare against the dictionary attribute selected as operand.

 

Current

Use this section to organize the order of conditions and the logical operators that operate on or between

 

Condition Set

binary conditions.

 

 

 

 

 

Condition list

Displays a list of defined binary conditions for the compound conditions and their associated logical

 

 

 

 

 

 

operators.

 

 

 

 

 

Add

After you define a binary condition, click Add to add it to the Condition list.

 

 

 

 

 

Edit

To edit a binary condition, select the condition in the Condition list and click Edit. The condition properties

 

 

 

 

 

 

appear in the Condition fields. Modify the condition as required, then click Replace.

 

 

 

 

 

Replace

Click to replace the selected condition with the condition currently defined in the Condition fields.

 

 

 

 

 

And

Specifies the logical operator on a selected condition, or between the selected condition and the one above

 

Or

it. Click the appropriate operator, and click Insert to add the operator as a separate line; click the operator

 

and click Replace, to replace the selected line.

 

 

 

 

 

 

 

 

 

 

 

Delete

Click to delete the selected binary condition or operator from the condition list.

 

 

 

 

 

Preview

Click to display the current expression in corresponding parenthesis representation. The rule table displays

 

 

 

 

 

 

the parenthesis representation after the compound expression is created.

 

 

 

 

 

 

 

 

 

 

 

 

User Guide for Cisco Secure Access Control System 5.3

 

 

 

 

 

 

 

 

 

 

 

10-44

 

 

 

 

OL-24201-01

 

 

 

 

 

 

 

Page 307 Page 309
Page 308
Image 308
Cisco Systems OL-24201-01 manual Using the Compound Expression Builder, 10-44
Page 307 Page 309
Top Page Image Contents