Defining a rule in the Rule Editor

This topic explains how to define a rule in the Rule Editor. It includes the following sections:

About compliance rules

Compliance rules give you great flexibility when analyzing component parts or properties. You can test for the presence or absence of template parts, or you can evaluate characteristics of component properties, such as equivalence, inequality, membership in a list, or inclusion in a range of values. If necessary, comparisons can be case sensitive. Compliance rules based on parts can examine a wide range of part attributes. For example, a compliance rule can examine an application's installation date, a registry key's permissions, or a file's content.

The Rule Definition tab lets you create or edit an individual compliance rule for association with the component template. Compliance rules may vary in complexity, and each rule can contain any number of the following types of conditions:

  • basic conditions  that use various comparison operators to
    • check for the existence or number of occurrences of a configuration object (a cardinality condition)
    • compare configuration object properties or component properties with defined values or with other such properties
  • conditional constructs for organizing conditions in an if-then-else logical sequence

  • loops for iterative analysis of conditions

    Note

    A status bar below the Rule Editor guides you through the process of creating or editing a rule, with information about what to do next or short error messages (in red) to help you correct invalid input.

The Rule Definition tab of the Compliance Rule Editor also lets you test whether particular components satisfy the compliance rule that you have defined through the Compliance Rule Editor. This procedure does not actually run the compliance rule on the components. To perform that procedure see Creating-Compliance-Jobs or Compliance-results.

To create or edit a rule

  1. On the Rule Definitiontab, do one of the following:
    1. To add the first condition to an empty rule, click the New Condition g_V95_AddIcon.gificon for a basic condition, or click the drop-down arrow beside this icon and select from the full range of available condition types.
      1. Basic Condition for a basic condition
      2. If... Then... End, Elseif, or Else for a conditional construct or block within it
      3. Foreach Loop, Count Loop, or Exists Loop for the loop of your choice
    2. To add a new condition to a rule that already contains other conditions, select the line above where you want the condition to appear before using the New Condition icon.
    3. To edit an existing condition, double-click the line that you want to edit. The text within the selected line is displayed in editable fields.
    4. To copy conditions from another location, select the relevant lines in the current rule or in a different rule, and click either Copy selected conditions g_V95_CopyIcon.gifor Cut selected conditions g_V95_CutIcon.gif. Then place your cursor in the line above where you want to paste the conditions and click Paste conditions g_v95_PasteIcon.gif.
  2. In the displayed fields, provide the necessary input (such as operands and operators), as discussed separately for each type of condition in the following sections:
    1. Defining-a-basic-condition
    2. Defining-a-conditional-construct
    3. Defining-a-loop
  3. Repeat the previous steps for all of the conditions that you want to include in the rule.
  4. To modify the logical organization of multiple conditions, you can use any of the following additional options:
    1. Set logical operators between conditions (either AND or OR) through the last drop-down box at the end of each line. Within one block of conditions, all conditions on the same level must be connected using the same logical operator.
    2. To rearrange the order of conditions in the rule, select the relevant lines and click either Move up selected conditions g_v95_moveUp.gifor Move down selected conditions g_v95_moveDown.gif.
    3. Use the Not icon to add the NOT logical operator to a selected line. This logically reverses the TRUE/FALSE outcome of the full expression.
    4. Add parentheses to a selected line.

    5. To delete a condition, select the relevant line and click Delete Selected Condition g_V95_DeleteIcon.gif.

      Note

       Within the display of conditions, condition operands or loop operands that are very long are truncated and end with an ellipsis (...). To view the full text within such conditions or loops, click the Condition Zoom In View g_v95_ruleZoom.gificon and select the relevant lines. The selected lines are presented in the read-only Rule Editor Condition Zoom view. 

  5. Click Save g_v95_saverules.gif.
  6. To test the rule, see Testing-a-compliance-rule.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*