You can use the following reserved words to control the flow of logic in the policy file.
| Statement | Description |
|---|---|
| accept | Accept the submitted request. |
| break | Break out of a while or for loop. |
| continue | Skip the rest of the loop body and continue to the next iteration of the loop. |
| do-while | Execute the loop body multiple times until an expression is true, evaluating the expression after executing the statement. |
| for loop | c-style for loop. |
| for loop | Execute the loop body for each element in a list. |
| function | Stand-alone subroutine, allowing you to reuse policy. |
| if-else | Used to determine which statement to execute next based on whether an expression is true or false. |
| include | Include the named policy file. |
| procedure / function | Stand-alone subroutine, allowing you to reuse policy. |
| readonly | Mark a variable as read-only. |
| readonlyexcept | Mark all variables as read-only except for the specified list. |
| reject | Reject the submitted request. |
| return | Return from a function or procedure. |
| switch | Used to determine which statement to execute next based on whether an expression matches one of several values. |
| while | Execute the loop body multiple times until an expression is true, evaluating the expression before executing the statement. |
accept;
The accept statement accepts the job request submitted by a user. After a command is accepted, nothing else in the configuration script is executed. If neither an accept nor reject statement is reached while parsing the configuration file, the command is rejected by default.
adminusers = {"dan","robyn"};
adminprogs = {"hostname","kill","csh","ksh"};
if (user in adminusers && command in adminprogs)
{
runuser = "root";
if (user == "dan" && !officehours)
{
printf("You can't use %s outside office hours\n",runcommand);
reject;
}
if (user == "robyn" && !officehours)
{
if (!getuserpasswd(user))
reject;
}
accept;
}break;
The break statement exits a loop and terminates cases. Use to force an immediate exit in case statements and looping statements such as for, while, and do-while statements.
for ( oneuser in userlist )
{
if (oneuser == "root")
{
break;
}
print(oneuser);
}continue;
Use the continue statement in the body of a C-style for loop, while, or do-while statement to skip the rest of the statements in the body of the loop and start again from the top of the loop.
for ( oneuser in userlist )
{
if (oneuser == "root")
{
continue;
}
print(oneuser);
}© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy