Roles Condition

If you have configured some Access Manager role policies (see Section 6.2.3, Creating Roles), you can use these roles as conditions to control access. Roles are not assigned to users until the users authenticate. All authenticated users are assigned the authenticated role. If you use a comparison type of starts with, ends with, or contains substring, carefully evaluate the potential results. For example, if you specify ed as the value for an ends with comparison, the condition matches roles such as contracted and assigned that you created, but it also matches the authenticated role.

Specify the following details:

Roles: Select the role. To compare the roles the user is currently assigned with a specific role, select [Current].

Comparison: Select one of the following types:

  • Comparison: String: Specifies that you want the values compared as strings, and how you want the string values compared. Select one of the following:

    • Equals: Indicates that the values must match, letter for letter.

    • Starts with: Indicates that the Roles value must begin with the letters specified in the Value field.

    • Ends with: Indicates that the Roles value must end with the letters specified in the Value field.

    • Contains Substring: Indicates that the Roles value must contain the letters, in the same sequence, as specified in the Value field.

  • Comparison: Regular Expression: Matches: Specifies that you want the values compared as regular expressions.

Mode: Select the mode appropriate for the comparison type:

  • Comparison: String: Specify whether case is important by selecting Case Sensitive or Case Insensitive.

  • Comparison: Regular Expression: Matches: Select one or more of the following:

    • Canonical Equivalence
    • Case Insensitive
    • Comments
    • Dot All
    • Multi-Line
    • Unicode
    • Unix Lines

    For regular expression syntax information, see the Javadoc for java.util.regex.Pattern.

Value: If you have created Identity Server roles policies, select Roles, then select the role that the user must have to match this condition. The authenticated role is assigned to all users when they authenticate. If you have defined a Liberty User Profile or an LDAP attribute for a role, you can select that option instead, then select your attribute.

You can use the Data Entry Field option to enter the name of the role you want to test for. If you have activated roles from an external source, use this option to specify the name of the role.

Result on Condition Error: Specify what the condition returns when the comparison of the two values returns an error rather than the results of the comparison. Select either False or True. If you do not want the action applied when an error occurs, select False. If you want the action applied when an error occurs, select True.
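The following added example (not part of the product or its documentation) models the String comparison types and the Case Sensitive/Case Insensitive mode described above, so that a condition can be checked against a role inventory before it is deployed. It reports whether a value also matches the built-in authenticated role. The role names other than authenticated, the function names, and the use of `casefold()` to model case-insensitive matching are assumptions made for illustration.

```python
# Added example: models the String comparison types and case mode described above.
# Role names other than "authenticated" are constructed for illustration.

BUILT_IN_ROLE = "authenticated"  # assigned to every user who authenticates

COMPARATORS = {
    "equals": lambda role, value: role == value,
    "starts with": lambda role, value: role.startswith(value),
    "ends with": lambda role, value: role.endswith(value),
    "contains substring": lambda role, value: value in role,
}


def matching_roles(roles, comparison, value, case_sensitive=True):
    """Return the roles from the inventory that satisfy the condition."""
    compare = COMPARATORS[comparison]
    if not case_sensitive:
        value = value.casefold()  # assumption: stands in for Case Insensitive mode
    matched = []
    for role in roles:
        candidate = role if case_sensitive else role.casefold()
        if compare(candidate, value):
            matched.append(role)
    return matched


def audit_condition(roles, intended, comparison, value, case_sensitive=True):
    """Report roles the condition matches beyond those the policy author intended."""
    matched = matching_roles(roles, comparison, value, case_sensitive)
    return {
        "matched": matched,
        "unintended": [r for r in matched if r not in intended],
        # True means the condition holds for every authenticated user.
        "matches_all_authenticated_users": BUILT_IN_ROLE in matched,
    }


# Constructed role inventory: the built-in role plus hypothetical custom roles.
ROLES = ["authenticated", "contracted", "assigned", "Employee", "hr_admin"]

if __name__ == "__main__":
    intended = {"contracted", "assigned"}
    for comparison, value in [("ends with", "ed"), ("equals", "contracted")]:
        print(comparison, repr(value), audit_condition(ROLES, intended, comparison, value))
```

With the constructed inventory, the ends with comparison on ed reports authenticated as an unintended match, while Equals on contracted matches only that role.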