Cisco Systems CSACS3415K9 Manual De Usuario

Use compound conditions to define a set of conditions based on any attributes allowed in simple policy 
conditions. You define compound conditions in a policy rule page; you cannot define them as separate 
condition objects.

This section contains the following topics:

 shows the building blocks of a compound condition.

Operands—Any attribute or condition type, such as Protocol/Request Attributes, Identity 
Attributes, Identity Groups, Network Device Groups (NDGs), Date/Time, and Custom or Standard 
Conditions.

Relational Operators—Operators that specify the relation between an operand and a value; for 
example, equals (=), or does not match. The operators that you can use in any condition vary 
according to the type of operand. 

Binary condition—A binary condition defines the relation between a specified operand and value; 
for example, [username = “Smith”].

Logical Operators—The logical operators operate on or between binary conditions. The supported 
logical operators are AND and OR. 

Precedence Control—You can alter the precedence of logical operators by using parentheses. 
Nested parentheses provide administrator control of precedence. The natural precedence of logical 
operators, that is, without parenthesis intervention, is NOT, AND, OR, where NOT has the highest 
precedence and OR the lowest.

 

summarizes the supported dynamic attribute mapping while building Compound 

Conditions.