When you add or modify a database policy information point (PIP), you configure a
connection to a data source. You also determine what information to use from the data
source.
Connection properties
- Name
- Identifies the policy information point instance. This name must be unique
to the instance. Do not use a predefined IBM Security Access Manager for
Mobile policy information point issuer name.
The name that you create is
the issuer for any attributes that the policy information point instance
returns.
- Description
- Describes the policy information point. (Optional)
- Type
- Specifies the policy information point type, which is
Database. (Read only)
- Server Connection
- Specifies the database from which to retrieve the attributes. Select one of
the defined databases from the list. If the database you require is not
available to select in the list, you must define it. See Managing server connections.
Attribute properties
- SQL Query
- Specifies the SQL SELECT statement that queries the
database for information. You can use any valid SQL
SELECT statement. You cannot add an attribute unless
you enter a query statement in this field.
The format of the SELECT
statement:
SELECT COLNAME1,
COLNAME2, ..., COLNAMEn
FROM TABLE WHERE ...
You can
also dynamically create the query by using attribute values in a query
at run time. The attribute that you use must match the name field of
that attribute. In the following example, the user name for the request
is substituted in the query at run time. The name of the attribute is
username:
SELECT
COLNAME1, COLNAME2, ...,
COLNAMEn FROM TABLE WHERE
ACCOUNT_HOLDER = {username}
Note: You can specify
only a single select statement when you configure the database policy
information point. If you specify multiple SQL statements, an error
message is returned. Do not end the statement with a
semicolon.
- Attribute
- Specifies the attributes that are retrieved from a response and that can be
used in a policy or risk score. The database column is mapped to the
associated attribute. You can use one or more attributes. You also can add,
modify, or delete attributes.
- Database Column
- Specifies the database column that maps to the attribute. Select it from the
list of column names or type the name. The column names from the SQL
SELECT query are used as the attribute selectors. For
example, if you specify the following query:
SELECT
ACCOUNT_BALANCE, ACCOUNT_NUMBER FROM ACCOUNTS WHERE
ACCOUNT_HOLDER_NAME = 'Joe
Smith'
ACCOUNT_BALANCE and
ACCOUNT_NUMBER are the column names to select
from.
If your SELECT statement specifies a
wildcard character, type the column name in this field.