If Access Manager does not supply the action, the data type, or the condition that you need for a policy, you can add a customized policy extension. For example, suppose you need a policy that grants access based on whether a user has a specific role which is assigned to users in an Oracle database. The custom extension can read role assignments of a user from the Oracle database and return a string containing the role names. You can use this data to determine access to resources.
For information about creating a policy extension, see the the NetIQ Access Manager 5.0 Administration API Guide.
After a policy extension has been created, perform the following tasks to use the extension:
After configuring the extension, you can perform the following tasks: