Skip to main content

Default expressions

This section illustrates the use of PSLang expressions by explaining expressions used by default by Bravura Security Fabric .

Each of these expressions use an iif() function, which takes 3 parameters – iif(boolean expression, "true-part", "false-part" )

It evaluates the boolean expression, and when it’s true, it returns the true-part. Otherwise, it returns the false-part.

In PSLang, a variable is prefixed by $. The variables discussed in this chapter represent a string of characters, or an array of strings.

The characters [n] are placed after variable names to index the n th character in a string, or the n th value in an array, starting from 0. This is used with profile attributes, which can have multiple values. The first of an array of values is represented by $ATTRIBUTE[0], the second by $ATTRIBUTE[1], and so on.

All built-in attributes must be expressed as an array. That is – $FIRST_NAME[0] , $OTHER_NAME[0], $LAST_NAME[0].

IDSYNCH ID PLUGIN MASK

The default function for the IDSYNCH ID PLUGIN MASK is:

iif( (size($LAST_NAME) > 0 && size($FIRST_NAME) > 0),
substr($LAST_NAME[0], 0, 5) + substr($FIRST_NAME[0], 0, 1),
""
)

First, the boolean expression ensures that there are values for $FIRST_NAME and $LAST_NAME . If check is successful, then it takes the 0-5 characters (first 6) of LAST_NAME and the 0-1 characters (first 2) of FIRST_NAME and put them together to form a user’s profile ID.

If the safety check fails, then it returns an empty string.

FULLNAME

This is used for the value of many target attributes (e.g., displayName on Active Directory):

iif( size($OTHER_NAME) > 0,
$FIRST_NAME[0] + " " + $OTHER_NAME[0] + " " + $LAST_NAME[0],
$FIRST_NAME[0] + " " + $LAST_NAME[0]
)

This first checks whether $OTHER_NAME has any values. If it does, then it composes a string such as “John Angus Doe”. If $OTHER_NAME does not have any values (the user has no middle name) then it composes a string such as “Bill Smith”.

MIDDLE INITIAL

This PSLang expression, also used for the value of target attributes (e.g., initials on Active Directory), contains more than one statement:

var $other = iif( size($OTHER_NAME) > 0, $OTHER_NAME[0], "" );
$other[0];

This retrieves the first character of a user’s “other name”. The $OTHER_NAME variable is an array of strings. Like other profile attributes it could be defined to accept more than one value. So, the expression assigns the first element of $OTHER_NAME (assuming it exists, otherwise it returns a blank string) to $other. Since the variable $other is just a string, and not an array, the expression $other[0] gets just the first character of the “other name”.

In this section: