The Database Policy Authority runs a SQL query against a database and maps the results of the query to the parameters of the configured output policy. The query should return only one result row for the authority to correctly forward the evaluation to the output policy.
Configuring the Database Policy Authority
To configure the authority, complete the following steps.
- Sign in to the Administrative Console.
- Click Create New Authority.
- Ensure that Database Policy Authority is selected in the Authority Type list box.
- Type a name for the authority in the Authority Name box.
- Type a name for the authority in the Authority Display Name box.
- Type a description of the authority in the Authority Description box (optional).
- Type the fully qualified URI location of the Resilient Access Authority Connector in the Resilient Access Authority Connector Host box, including the number of the port on the Resilient Access Authority Connector host that will accept incoming connections. To encrypt communications between Resilient Access and the Resilient Access Authority Connector, type https as the URI scheme.
- Use the Runtime Parameters area to add and configure the parameters without literal values. The values of these parameters will be supplied by the end user at runtime. For each runtime parameter, specify the following:
  - Type the name of the parameter in the Name box. The parameter name gets paired with the value provided at runtime and sent to the custom REST authority.
  - Type the label of the box displayed to the end user in the Display Name box.
  - If the parameter will contain a sensitive value, such as personally identifiable information, select the Obfuscate check box. This instructs Resilient to substitute an opaque token for the value as it transits the network, ensuring that the value never passes through the central Policy Workflow Engine component and does not get stored in the Trust History.
  - If the user will provide the value in the initial request form, select the Initial Request check box. NOTE: Resilient recommends leaving the Initial Request check box blank if the value is sensitive or contains personally identifiable information.
  - Select the Mask Input check box to mask the values with bullet characters as the user types them in. This protects against shoulder surfing.
- Configure the connection to the Database server by entering:
  - The fully qualified hostname of the database server in the Database Host box.
  - The name of the database containing the user records in the Database Name box.
  - The database user name in the Database User Name box.
  - The password for the user account to connect to the Database server in the Database Password box.
- Build the SQL Expression to extract attributes through the SQL query builder.
  - First, select the table name and click the + button to add the table to the expression.
  - After the first table is added, the controls for adding columns to the SQL query appear. Add each column by specifying the Column Name, the type (String or Numeric), and the table the column belongs to, then click the + button to add the column to the SQL query.
  - After a column is added, the controls for adding WHERE clauses appear. The left-hand side of the WHERE clause expression is populated with the columns in the SELECT section; the right-hand side can be a Runtime Parameter, a SQL Column, or a Literal. The widget next to it is populated accordingly so that you can specify the right-hand side value. Click the + button to add the WHERE clause.
  - A SELECT column, a FROM table, or a WHERE clause can be deleted by clicking its delete icon. The SQL expression is updated as required to ensure it always remains a valid SQL query.
- Define the output policy and configure the policy parameters using the steps below.
  - Click the Create Output Policy button to define the output policy. The output policy is created in a popup window with an interface similar to the Create Policies page. Drag and drop authorities to define the output policy.
  - The Configure Policy Parameters table lists the parameters of the output policy. Each can be mapped to a Runtime Parameter defined above, a Literal, or a Query Result.
    - If Mapped Type is Runtime Parameter, Mapped Value is populated with the runtime parameters defined. Select the one to use from the drop-down.
    - If Mapped Type is Literal, enter the value in the Mapped Value box.
    - If Mapped Type is Query Result, Mapped Value is populated with the columns in the SQL query defined in the Build the SQL Expression to extract attributes section. Select the one to use from the drop-down.
- Once you have finished configuring the custom authority, click Create or Save.
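
The query and mapping steps above can be modelled as follows. This is an added example, not Resilient Access code: it uses Python's sqlite3 with a constructed `employees` table and hypothetical names (`build_query`, `evaluate`, `MAPPINGS`) to show a runtime parameter bound as a value in the WHERE clause, the one-row requirement enforced by failing closed, and the three Mapped Type choices.

```python
import sqlite3

MAPPINGS = {  # output policy parameter -> (Mapped Type, Mapped Value); constructed
    "user_email": ("Query Result", "email"),
    "clearance": ("Query Result", "clearance"),
    "badge": ("Runtime Parameter", "badge_id"),
    "realm": ("Literal", "corp"),
}

def build_query(table, columns, where_column):
    # Table and column names come from the administrator's builder choices,
    # never from the end user; restrict them to plain identifiers anyway.
    for ident in (table, where_column, *columns):
        if not ident.isidentifier():
            raise ValueError(f"illegal identifier: {ident!r}")
    return f"SELECT {', '.join(columns)} FROM {table} WHERE {where_column} = ?"

def evaluate(conn, table, columns, where_column, where_param, runtime, mappings):
    sql = build_query(table, columns, where_column)
    # The runtime value is bound as data, so it cannot change the statement.
    rows = conn.execute(sql, (runtime[where_param],)).fetchmany(2)
    if len(rows) != 1:
        # Fail closed: zero or several rows are not forwarded to the policy.
        raise LookupError("query must return exactly one row")
    result = dict(zip(columns, rows[0]))
    sources = {"Query Result": result, "Runtime Parameter": runtime}
    out = {}
    for param, (mapped_type, mapped_value) in mappings.items():
        if mapped_type == "Literal":
            out[param] = mapped_value
        else:
            out[param] = sources[mapped_type][mapped_value]
    return out

def sample_db():
    # Constructed sample data; badge B200 is duplicated on purpose.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (badge_id TEXT, email TEXT, clearance INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", [
        ("B100", "alice@example.com", 3),
        ("B200", "bob@example.com", 1),
        ("B200", "bob2@example.com", 2),
    ])
    return conn

if __name__ == "__main__":
    cols = ["email", "clearance"]
    print(evaluate(sample_db(), "employees", cols, "badge_id", "badge_id",
                   {"badge_id": "B100"}, MAPPINGS))
```

A WHERE clause on a column that is not unique (badge B200 in the sample data) is rejected rather than resolved to an arbitrary row, which is why the WHERE column chosen in the builder should be a unique key.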