An advanced policy script example

Here is another sample script; this script extends the starter script example and uses the User and SQL Query modules to allow access only to users who are in a role that starts with k. Although this may not be a practical example, it demonstrates the full power of policy scripting.

if(!context.onPrem){
      trace("not onprem");
      var umod = module('User');
      var user = umod.GetCurrentUser();
      trace (user.Username);
      trace (user.DisplayName);
      trace (user.Properties.Get('mail'));
      var sqlMod = module('SqlQuery');
      var roles = sqlMod.query('select * from role where ID like "k_%"');
      var inkrole = false;
      for(var i = 0; i < roles.length; i++ )
      {
            var krole = roles[i].ID;
            if(user.InRole(krole)){
            inkrole = true;
            break;
            }
      }
      if(!inkrole){
            trace("block specified role");
            policy.Locked = true;
      }
}