The Identity Panel Rule Engine is a dynamically typed interpreted expression language that operates on a context object and returns a value.
Like many DSLs (Domain Specific Language), the Rule Engine is not Turing Complete, which means it is not a full programming language. However, the Rule Engine is extensible, and new functions for the Rule Engine can be written in any .NET programming language.
The Rule Engine is used extensively in Identity Panel, any where value transformation logic is required, including:
- Schedule conditions
- Testing Health check results
- Workflow triggers
- Values in workflow actions
- Join rules
- Shutter view value formatting
- Report fields and transformation
- Uplift flow rules for MIM
- Value calculation for MIM Test
Because the Rule Engine is used to support so many features, and because it represents one of the major points of extensibility for the Panel platform, users who want to do advanced administration tasks should familiarize themselves with Rule Engine syntax.
expression = literal | special value | object property | function | operator | parenthetical literal = string | boolean | number special value = special.name.key name, key = (letters, digits, or ':', '-', and space) object property = name.(name|special value)... function = Name(expression,...) operator = expression oper expression oper = && | || | == | != | < | <= | > | >=
parenthetical = (expression)
Types of Rule
Because rules are expressions, just like expressions in a languages there are different types, and some may be nested. See the following links for details about each of the rule types:
Rule Engine Context
Generally, any field in Identity Panel that accepts rule engine formatting will have the '?' icon to display the rule engine helper. Generally the default context object is pre-selected in the Object Properties section of the rule engine helper. In other cases you can refer to the documentation for that section.
If the Rule Engine helper says the field uses templating, then any rule values must be enclosed in square braces.
Value Type Conversion
Because it's based on the .NET runtime individual rule engine values have defined .NET types. However, the Rule Engine does automatic type coercion for comparison operands, function arguments, and string interpolation. Rules are also automatically type coerced e.g. to boolean, string, or number as needed when they are used by Identity Panel.
Not all types are coerced to all other types, only ones where a reasonable mapping is available. Sometimes handling is desired for an explicit type. In this ritual you can use type coercion functions.
See Rule Type Coercion for standard conversions.
Because it is possible to get into quite advanced expressions in the Rule Engine, Identity Panel includes a testing interface just for writing rules.
Click on Settings -> Test and Recover (MIM Test) -> Rule Tester
The rule tester uses the same dataset query interface as the reporting engine. You select a data type, then add parameters to constrain the result set.
Finally enter a Value Rule. This will be applied to the first 20 objects returned by the query and displayed. You may enter rules that operate on the object, or sometimes you may just enter a rule that produces a value on its own without reference to the context object.
Clicking on the magnifying glass in the results will show the JSON details of the object. This may be used for inspecting the structure of the object for property types and values to execute rules against.