The Question:

When creating an Access Policy Rule in the OIM Design Console, I need to make a rule that says:

FirstName != ”

(First name not equal to nothing)

But when I try to make the rule, it doesn’t allow me to submit an empty string as a value (or a space).

How do I test to make sure a value exists for a Rule?

Answer #1:

The Design Console UI will not take an empty string for the attribute value of a rule element. Direct database manipulation has to be done to put a empty string in for it. Please take a backup of the OIM database before trying the following!

1) Create the Rule Element and put some value for it (doesn’t matter what).

2) Now on the database, find out the RUL_KEY and RUE_KEY for this rule and this rule element.

select * from rue where rul_key=(select rul_key from rul where rul_name=’<RULE_NAME >’);

Get the RUL_KEY and RUE_KEY from the result of the above query for that Rule Element and then update its RUE_VALUE with NULL

update rue set rue_value=NULL where rue_key=<RUE_KEY> and rul_key=<RUL_KEY>;
commit;

Answer #2:

Make an entity adapter that populates the field to check null against with ‘nothing’ (the actual text). Then use this adapter is as a Pre-Insert and Pre-Update adapter so that it will always check for the condition. Then in the Rule check for Variable == ‘nothing’.

Thoughts:

The first option is recommended by Oracle, but scares me. Anytime the OIM database has to be directly manipulated, I’m always in fear that it will either break everything immediately, or break it when the next patch / update is released.

The second option requires a little more work, and could be a pain in the butt, but it’ll work, and be supported in future updates / versions of Oracle Identity Manager.

So, it’s really up to you and your client, but either way, at least there’s options to choose from!

.: Adam