An Advanced Policy Script Example

Here is another sample script; this script extends the starter script example and uses the User and SQL Query modules to allow access only to users who are in a role that starts with k. Although this may not be a practical example, it demonstrates the full power of policy scripting.

Copy

if(!context.onPrem){

trace("not onprem");

var umod = module('User');

var user = umod.GetCurrentUser();

trace (user.Username);

trace (user.DisplayName);

trace (user.Properties.Get('mail'));

var sqlMod = module('SqlQuery');

var roles = sqlMod.query('select \* from role where ID like "k_%"');

var inkrole = false;

for(var i = 0; i \< roles.length; i++ )

{

var krole = roles[i].ID;

if(user.InRole(krole)){

inkrole = true;

break;

}

}

if(!inkrole){

trace("block specified role");

policy.Locked = true;

}

}