Database PIP
When you add or modify a database policy information point (PIP), you configure a connection to a data source. You also determine what information to use from the data source.
Connection properties
- Name
- Identifies the policy information point instance. This name must be unique
to the instance. Do not use a predefined Advanced Access Control policy
information point issuer name.
The name that you create is the issuer for any attributes that the policy information point instance returns.
- Description
- Describes the policy information point. (Optional)
- Type
- Specifies the policy information point type, which is Database. (Read only)
- Server Connection
- Specifies the database from which to retrieve the attributes. Select one of the defined databases from the list. If the database you require is not available to select in the list, you must define it. See Managing server connections.
Attribute properties
- SQL Query
- Specifies the SQL SELECT statement that queries the
database for information. You can use any valid SQL
SELECT statement. You cannot add an attribute unless
you enter a query statement in this field.
The format of the SELECT statement:
SELECT COLNAME1, COLNAME2, ..., COLNAMEn FROM TABLE WHERE ...
You can also dynamically create the query by using attribute values in a query at run time. The attribute that you use must match the name field of that attribute. In the following example, the user name for the request is substituted in the query at run time. The name of the attribute is username:
SELECT COLNAME1, COLNAME2, ..., COLNAMEn FROM TABLE WHERE ACCOUNT_HOLDER = {username}
Note: You can specify only a single select statement when you configure the database policy information point. If you specify multiple SQL statements, an error message is returned. Do not end the statement with a semicolon. - Attribute
- Specifies the attributes that are retrieved from a response and that can be used in a policy or risk score. The database column is mapped to the associated attribute. You can use one or more attributes. You also can add, modify, or delete attributes.
- Database Column
- Specifies the database column that maps to the attribute. Select it from the
list of column names or type the name. The column names from the SQL
SELECT query are used as the attribute selectors. For
example, if you specify the following query:
SELECT ACCOUNT_BALANCE, ACCOUNT_NUMBER FROM ACCOUNTS WHERE ACCOUNT_HOLDER_NAME = 'Joe Smith'
ACCOUNT_BALANCE and ACCOUNT_NUMBER are the column names to select from.
If your SELECT statement specifies a wildcard character, type the column name in this field.
Cache Properties
- Cache size
- Specifies the maximum number of entries to keep in the cache
- Cache entry lifetime
- Specifies the lifetime of cache entries, in seconds.