An Advanced Policy Script Example
Here is another sample script; this script extends the starter script example and uses the User and SQL Query modules to allow access only to users who are in a role that starts with k. Although this may not be a practical example, it demonstrates the full power of policy scripting.
if(!context.onPrem){
trace("not onprem");
var umod = module('User');
var user = umod.GetCurrentUser();
trace (user.Username);
trace (user.DisplayName);
trace (user.Properties.Get('mail'));
var sqlMod = module('SqlQuery');
var roles = sqlMod.query('select \* from role where ID like "k_%"');
var inkrole = false;
for(var i = 0; i \< roles.length; i++ )
{
var krole = roles[i].ID;
if(user.InRole(krole)){
inkrole = true;
break;
}
}
if(!inkrole){
trace("block specified role");
policy.Locked = true;
}
}