2.2 AzApplicationGroup

This element defines an authorization manager group. AzApplicationGroup can be used to define a global group that is used by all applications (every instance of AzApplication) in the policy or to define a local group that is specific to one specific application in the policy store. When the AzApplicationGroup element appears in the XML policy file at the highest level (child of AzAdminManager) the AzApplicationGroup is global. When the AzApplicationGroup element appears as a child of AzApplication, it defines a group local to the AzApplication.

The following is the XSD definition for the AzApplicationGroup complex type.

 <xs:element name="AzApplicationGroup">
     <xs:complexType>
       <xs:sequence>
         <xs:element name="BizRuleLanguage" type="xs:string" minOccurs="0" />
         <xs:element name="LdapQuery" type="xs:string" minOccurs="0" />
         <xs:element name="BizRule" type="xs:string" minOccurs="0" />
         <xs:element name="BizRuleImportedPath" type="xs:string" minOccurs="0" />
         <xs:element name="AppMemberLink" type="xs:string" minOccurs="0" />
         <xs:element name="Member" nillable="true" minOccurs="0" maxOccurs="unbounded">
           <xs:complexType>
             <xs:simpleContent>
               <xs:extension base="xs:string">
               </xs:extension>
             </xs:simpleContent>
           </xs:complexType>
         </xs:element>
         <xs:element name="NonMember" nillable="true" minOccurs="0" maxOccurs="unbounded">
           <xs:complexType>
             <xs:simpleContent>
               <xs:extension base="xs:string">
               </xs:extension>
             </xs:simpleContent>
           </xs:complexType>
         </xs:element>
       </xs:sequence>
       <xs:attribute name="Guid" type="xs:string" />
       <xs:attribute name="Name" type="xs:string" />
       <xs:attribute name="Description" type="xs:string" />
       <xs:attribute name="GroupType" type="xs:string" />
     </xs:complexType>
 </xs:element>

BizRuleLanguage: The language used to express a business rule in an AzApplicationGroup when GroupType equals "Bizrule". The possible values are "VBScript" (for more information, see [MSDN-VBScript]) or "JScript" (for more information, see [MSDN-JScript]). The BizRuleLanguage element is required for all AzApplicationGroup elements if GroupType equals "Bizrule". Otherwise, it is optional.

LdapQuery: When GroupType equals "LdapQuery", this element contains an LDAP query as described in [RFC2251]. If GroupType does not equal "LdapQuery", this element MUST NOT be present. In version 1.0 schema policy files, only queries against "user" (meaning where objectcategory=user) objects are supported. In version 2.0 schema policy files, any object type can be queried.

BizRule: When GroupType equals "Bizrule", this element contains a business rule in the form of script text (HTML-encoded) in the language specified by BizRuleLanguage. If GroupType does not equal "Bizrule", this element MUST NOT be present.

BizRuleImportedPath: When GroupType equals "Bizrule", this element contains a fully qualified file system path to a file that contains the business rule as defined in BizRule. If GroupType does not equal "Bizrule", this element MUST NOT be present.

AppMemberLink: Optional element that specifies the GUID of an AzApplicationGroup which is a member of the AzApplicationGroup defined by this section.

Member: Optional element that describes an explicit member of the AzApplicationGroup.

NonMember: Optional element that describes an explicit nonmember of the AzApplicationGroup.

Guid: The Globally Unique Identifier (GUID) of the AzApplicationGroup.

Name: The name of the AzApplicationGroup.

Description: The description for the AzApplicationGroup.

GroupType: This element defines the type of the AzApplicationGroup. The value MUST be one of the following strings:

  • "Basic"

  • "Bizrule"

  • "LdapQuery"

Note The "Bizrule" GroupType is supported only in version 2.0 AzMan policies.