Class CIM_PolicyRule
extends CIM_PolicySet

The central class used for representing the 'If Condition then Action' semantics of a policy rule. A PolicyRule condition, in the most general sense, is represented as either an ORed set of ANDed conditions (Disjunctive Normal Form, or DNF) or an ANDed set of ORed conditions (Conjunctive Normal Form, or CNF). Individual conditions may either be negated (NOT C) or unnegated (C). The actions specified by a PolicyRule are to be performed if and only if the PolicyRule condition (whether it is represented in DNF or CNF) evaluates to TRUE. The conditions and actions associated with a PolicyRule are modeled, respectively, with subclasses of PolicyCondition and PolicyAction. These condition and action objects are tied to instances of PolicyRule by the PolicyConditionInPolicyRule and PolicyActionInPolicyRule aggregations. A PolicyRule may also be associated with one or more policy time periods, indicating the schedule according to which the policy rule is active and inactive. In this case it is the PolicySetValidityPeriod aggregation that provides this linkage. The PolicyRule class uses the property ConditionListType, to indicate whether the conditions for the rule are in DNF (disjunctive normal form), CNF (conjunctive normal form) or, in the case of a rule with no conditions, as an UnconditionalRule. The PolicyConditionInPolicyRule aggregation contains two additional properties to complete the representation of the Rule's conditional expression. The first of these properties is an integer to partition the referenced PolicyConditions into one or more groups, and the second is a Boolean to indicate whether a referenced Condition is negated. An example shows how ConditionListType and these two additional properties provide a unique representation of a set of PolicyConditions in either DNF or CNF. Suppose we have a PolicyRule that aggregates five PolicyConditions C1 through C5, with the following values in the properties of the five PolicyConditionInPolicyRule associations: C1: GroupNumber = 1, ConditionNegated = FALSE C2: GroupNumber = 1, ConditionNegated = TRUE C3: GroupNumber = 1, ConditionNegated = FALSE C4: GroupNumber = 2, ConditionNegated = FALSE C5: GroupNumber = 2, ConditionNegated = FALSE If ConditionListType = DNF, then the overall condition for the PolicyRule is: (C1 AND (NOT C2) AND C3) OR (C4 AND C5) On the other hand, if ConditionListType = CNF, then the overall condition for the PolicyRule is: (C1 OR (NOT C2) OR C3) AND (C4 OR C5) In both cases, there is an unambiguous specification of the overall condition that is tested to determine whether to perform the PolicyActions associated with the PolicyRule. PolicyRule instances may also be used to aggregate other PolicyRules and/or PolicyGroups. When used in this way to implement nested rules, the conditions of the aggregating rule apply to the subordinate rules as well. However, any side effects of condition evaluation or the execution of actions MUST NOT affect the result of the evaluation of other conditions evaluated by the rule engine in the same evaluation pass. That is, an implementation of a rule engine MAY evaluate all conditions in any order before applying the priority and determining which actions are to be executed.

Table of Contents
Hierarchy
Direct Known Subclasses
Class Qualifiers
Class Properties
Class Methods


Class Hierarchy

CIM_ManagedElement
   |
   +--CIM_Policy
   |
   +--CIM_PolicySet
   |
   +--CIM_PolicyRule

Direct Known Subclasses

CIM_AuthenticationRule
CIM_AuthorizationRule
CIM_NetworkPolicyRule
CIM_PrivilegePropagationRule
CIM_SARule
CIM_TierPolicyRule

Class Qualifiers

NameData TypeValue
DescriptionstringThe central class used for representing the 'If Condition then Action' semantics of a policy rule. A PolicyRule condition, in the most general sense, is represented as either an ORed set of ANDed conditions (Disjunctive Normal Form, or DNF) or an ANDed set of ORed conditions (Conjunctive Normal Form, or CNF). Individual conditions may either be negated (NOT C) or unnegated (C). The actions specified by a PolicyRule are to be performed if and only if the PolicyRule condition (whether it is represented in DNF or CNF) evaluates to TRUE. The conditions and actions associated with a PolicyRule are modeled, respectively, with subclasses of PolicyCondition and PolicyAction. These condition and action objects are tied to instances of PolicyRule by the PolicyConditionInPolicyRule and PolicyActionInPolicyRule aggregations. A PolicyRule may also be associated with one or more policy time periods, indicating the schedule according to which the policy rule is active and inactive. In this case it is the PolicySetValidityPeriod aggregation that provides this linkage. The PolicyRule class uses the property ConditionListType, to indicate whether the conditions for the rule are in DNF (disjunctive normal form), CNF (conjunctive normal form) or, in the case of a rule with no conditions, as an UnconditionalRule. The PolicyConditionInPolicyRule aggregation contains two additional properties to complete the representation of the Rule's conditional expression. The first of these properties is an integer to partition the referenced PolicyConditions into one or more groups, and the second is a Boolean to indicate whether a referenced Condition is negated. An example shows how ConditionListType and these two additional properties provide a unique representation of a set of PolicyConditions in either DNF or CNF. Suppose we have a PolicyRule that aggregates five PolicyConditions C1 through C5, with the following values in the properties of the five PolicyConditionInPolicyRule associations: C1: GroupNumber = 1, ConditionNegated = FALSE C2: GroupNumber = 1, ConditionNegated = TRUE C3: GroupNumber = 1, ConditionNegated = FALSE C4: GroupNumber = 2, ConditionNegated = FALSE C5: GroupNumber = 2, ConditionNegated = FALSE If ConditionListType = DNF, then the overall condition for the PolicyRule is: (C1 AND (NOT C2) AND C3) OR (C4 AND C5) On the other hand, if ConditionListType = CNF, then the overall condition for the PolicyRule is: (C1 OR (NOT C2) OR C3) AND (C4 OR C5) In both cases, there is an unambiguous specification of the overall condition that is tested to determine whether to perform the PolicyActions associated with the PolicyRule. PolicyRule instances may also be used to aggregate other PolicyRules and/or PolicyGroups. When used in this way to implement nested rules, the conditions of the aggregating rule apply to the subordinate rules as well. However, any side effects of condition evaluation or the execution of actions MUST NOT affect the result of the evaluation of other conditions evaluated by the rule engine in the same evaluation pass. That is, an implementation of a rule engine MAY evaluate all conditions in any order before applying the priority and determining which actions are to be executed.
UMLPackagePathstringCIM::Policy
Versionstring2.7.0

Class Properties

Local Class Properties

NameData TypeDefault ValueQualifiers
NameData TypeValue
ConditionListTypeuint161
DescriptionstringIndicates whether the list of PolicyConditions associated with this PolicyRule is in disjunctive normal form (DNF), conjunctive normal form (CNF), or has no conditions (i.e., is an UnconditionalRule) and is automatically evaluated to "True." The default value is 1 ("DNF").
ValueMapstring0, 1, 2
ValuesstringUnconditional Rule, DNF, CNF
CreationClassNamestring
DescriptionstringCreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.
Keybooleantrue
MaxLenuint32256
ExecutionStrategyuint16
DescriptionstringExecutionStrategy defines the strategy to be used in executing the sequenced actions aggregated by this PolicyRule. There are three execution strategies: Do Until Success - execute actions according to predefined order, until successful execution of a single action. Do All - execute ALL actions which are part of the modeled set, according to their predefined order. Continue doing this, even if one or more of the actions fails. Do Until Failure - execute actions according to predefined order, until the first failure in execution of an action instance.
ValueMapstring1, 2, 3
ValuesstringDo Until Success, Do All, Do Until Failure
Mandatoryboolean
DeprecatedstringNo value
DescriptionstringA flag indicating that the evaluation of the Policy Conditions and execution of PolicyActions (if the Conditions evaluate to TRUE) is required. The evaluation of a PolicyRule MUST be attempted if the Mandatory property value is TRUE. If the Mandatory property is FALSE, then the evaluation of the Rule is 'best effort' and MAY be ignored.
PolicyRuleNamestring
DescriptionstringA user-friendly name of this PolicyRule.
Keybooleantrue
MaxLenuint32256
Priorityuint160
DeprecatedstringCIM_PolicySetComponent.Priority
DescriptionstringPolicyRule.Priority is deprecated and replaced by providing the priority for a rule (and a group) in the context of the aggregating PolicySet instead of the priority being used for all aggregating PolicySet instances. Thus, the assignment of priority values is much simpler. A non-negative integer for prioritizing this Policy Rule relative to other Rules. A larger value indicates a higher priority. The default value is 0.
RuleUsagestring
DescriptionstringA free-form string that can be used to provide guidelines on how this PolicyRule should be used.
SequencedActionsuint163
DescriptionstringThis property gives a policy administrator a way of specifying how the ordering of the PolicyActions associated with this PolicyRule is to be interpreted. Three values are supported: o mandatory(1): Do the actions in the indicated order, or don't do them at all. o recommended(2): Do the actions in the indicated order if you can, but if you can't do them in this order, do them in another order if you can. o dontCare(3): Do them -- I don't care about the order. The default value is 3 ("DontCare").
ValueMapstring1, 2, 3
ValuesstringMandatory, Recommended, Dont Care
SystemCreationClassNamestring
DescriptionstringThe scoping System's CreationClassName.
Keybooleantrue
MaxLenuint32256
PropagatedstringCIM_System.CreationClassName
SystemNamestring
DescriptionstringThe scoping System's Name.
Keybooleantrue
MaxLenuint32256
PropagatedstringCIM_System.Name

Inherited Properties

NameData TypeClass Origin
CaptionstringCIM_ManagedElement
CommonNamestringCIM_Policy
DescriptionstringCIM_ManagedElement
ElementNamestringCIM_ManagedElement
Enableduint16CIM_PolicySet
Generationuint64CIM_ManagedElement
InstanceIDstringCIM_ManagedElement
PolicyDecisionStrategyuint16CIM_PolicySet
PolicyKeywordsstring[]CIM_Policy
PolicyRolesstring[]CIM_PolicySet

Class Methods