Dynamic Collections

This feature is currently available only to customers participating in a Private Preview. If you'd like to participate and be among the first to try this feature, ask our support or account team for details.

Dynamic Collections are policies that evaluate a subject based on a set of rules. The dynamic collection’s object is evaluated as true or false.

For example, if the subject is an identity, the dynamic collection evaluates rules about the identity. If the subject is a resource, the dynamic collection evaluates rules about the Resource.

Dynamic collections are attached to objects or actions in the system to determine if actions should be taken in the system or if access should be granted.

To view or manage a field, navigate to the Configuration page and select the Fields tab. Select Edit or New to manage or create a field.

To view or manage Dynamic Collections, navigate to the Collections page and select the Dynamic Collections tab.

Hover over the name to display an ellipsis with the options to view, evaluate, or delete the dynamic collection.

Creating a Dynamic Collection

To create a dynamic collection, fill out all of the required and any of the remaining fields:

  • Name (Required) (Unique) - The name is used as the dynamic collection’s identifier.

  • Subject (Required) - Select the dynamic collection’s Subject (this is the type of data you will be working with):

    • Identity

    • Role

    • Resource

  • Description (Required) - A text description of the dynamic collection

  • Query Scope (Required) - Use this section to add rules (items) to the ruleset.

    • This section appears only if you select “Ruleset” as the Dynamic Collection Type.

    • At least one rule is required.

    • Rules can be grouped.

    • Logical operators AND or OR connect rules or groups of rules.

    • As each rule is added, the display shows a user-friendly, text-based preview of the rule.

    • Each rule can be negated to evaluate the rule with a logical NOT.

    • The form validates that the rule is valid and displays any errors.

Filling out a Query Scope

Each rule consists of three components - fields, operators, and values.

Field

A field is from the subject data type and it can be any field, including custom fields and the assignment of company, role, entitlement, or resource.

Operator

An operator is based on the data type of the selected field, and based on the field types:

Text Fields Numeric Fields

Date Fields

Equals

Equals

Before

Not equals

Not equals

After

Contains

Greater than

Between

Starts with

Less than

Exist (has a value)

Ends with

Greater than or equal

Does Not Exist

Is one of

Less than or equal

Relative Date

Does not contain

Is not empty (has a value)

Date (Calendar)

Does not exist

Empty

Is not like

Is not one of

Empty

Is not empty (has value)

Value

The value is what the field will be compared to using the operator. It can be a field, literal, or relative value.

Field Value

Another field from the subject type (including custom fields). This field must be of the same type as the comparison field.

Literal Value

A hard-coded literal value of the same data type as the comparison field.

Relative Value

A value that is relative to the field value. A relative value is only applicable to date fields and can be any of the following, where you specify a numeric value for N:

Days Weeks Months Years

N Days Ago

N Weeks Ago

N Months Ago

N Years Ago

Today

This Week

This Month

This Year

N Days from Now

N Weeks from Now

N Months from Now

N Years from Now

Yesterday

Last Week

Last Month

Last Year

Last N Days

N Weeks

Last N Months

Last N Years

Tomorrow

Next Week

Next Month

Next Year

Next N Days

Next N Weeks

Next N Months

Next N Years

Deleting a Dynamic Collection

When deleting a dynamic collection, the system checks if it is in use:

  • If the dynamic collection is in use, the system notifies the user and they won’t be allowed to delete the dynamic collection.

  • If the dynamic collection isn’t in use, the system deletes it.