# Basic building blocks (rules, include directives, and alias declarations) may appear anywhere
# in a rulesheet, as long as each building block remains contiguous (i.e. is not broken apart).
# examples of Booliette alias declarations
# Alias declaration: 'replace:' gives the term as written in this rulesheet and 'with:' gives
# the term it stands for. Rules 100 and 73 below use under-all-conditions.
alias
replace:
under-all-conditions
with:
under-any-condition
# Alias declaration: for-all-users is replaced with for-any-user.
# Rules 100 and 211 below use for-all-users in their for-conditions lists.
alias
replace:
for-all-users
with:
for-any-user
# an example of an unconditional include directive along with an alias declaration
# Alias declaration: the short name TheWijisPolicy is replaced with the quoted schema URL.
# The include directive in this rulesheet refers to it through 'doctype:'.
# NOTE(review): the URL uses the http scheme. If the engine retrieves it rather than treating
# it as an opaque identifier, the retrieval is unauthenticated - confirm which applies.
alias
replace:
TheWijisPolicy
with:
"http://www.wijis.gov/incidentreport.xsd"
# Include directive: refers to doctype TheWijisPolicy (an alias declared in this rulesheet)
# at revision 41. No condition is attached to it.
# NOTE(review): what the directive pulls in, and from where, is not shown here - confirm
# that revision 41 is the reviewed revision.
include
doctype:
TheWijisPolicy
revision:
41
default-rule
id:
60
# Deny by default any information unless a specific applicable rule exists.
# The only outcome listed is 'deny', so content that no rule addresses stays closed.
apply-outcomes:
deny
rule
id:
100
# Redact IncidentLocation information for all users.
# Outcome: 'redact' is the only outcome listed (the original description read
# "Redact and admit").
# Content: items captioned 'incident:IncidentLocation'.
# Conditions: all-true, followed by under-all-conditions and for-all-users; both terms are
# declared as aliases in this rulesheet.
# NOTE(review): this copy has no indentation, so nesting is not visible; presumably the two
# items after all-true are its operands - confirm against the original file.
apply-outcomes:
redact
for-content:
* content has-caption 'incident:IncidentLocation'
for-conditions:
* all-true
* under-all-conditions
* for-all-users
rule
id:
131
# Redact ArrestOfficial information when the user's inherent-role-list does NOT carry the
# Gatepoint Auditor semantic.
# Outcome: 'redact' is the only outcome listed (the original description read
# "Redact and admit").
# NOTE(review): the only condition is the absence of one role, so this rule also matches
# users that rule 73 (Security Analyst: disclose) and rule 253 (Business Analyst: deny) match
# for the same caption. How overlapping outcomes are resolved is not shown in this
# rulesheet - confirm that the engine's precedence gives the intended result.
apply-outcomes:
redact
for-content:
* content has-caption 'incident:ArrestOfficial'
for-conditions:
* inherent-role-list does-not-have-semantic 'http://wijiscommons.org/cdcl/demo/GatepointAuditor/'
rule
id:
211
# Anything semantically tagged as PII is disclosed with an obligation
# to "Do not disseminate to third parties".
# NOTE(review): for-all-users is the only condition, so every user receives PII-tagged
# content. The obligation is a text field here and nothing in this rulesheet shows it being
# enforced - confirm that this breadth is intended.
apply-outcomes:
disclose
obligation
text:
Do not disseminate to third parties
for-content:
* content has-semantic 'http://mtkr.org/reg/PII/'
for-conditions:
* for-all-users
rule
id:
73
# Disclose ArrestOfficial information and send an e-mail notification of the disclosure
# when the user context has the Gatepoint Auditor role or the Security Analyst role.
# Notification: recipients come from address-list, the subject is "Gatepoint Alert", and the
# body uses the {username} and {currenttime} placeholders (presumably filled in when the
# notification is sent).
# Conditions, as described above (indentation is lost in this copy): all-true over
# under-all-conditions and an at-least-one-true group holding the two role tests.
# NOTE(review): the recipients are individual mailboxes written into the policy, one of them
# at a public webmail domain, and the body carries the username - confirm that both
# recipients are intended and consider a monitored organizational mailbox for audit alerts.
# NOTE(review): a Security Analyst without the Gatepoint Auditor role also matches rule 131
# (redact); precedence between the two is not shown in this rulesheet - confirm.
apply-outcomes:
disclose
email-notification-of-disclosure
address-list:
james.pingel@wisconsin.gov
whblondeau@yahoo.com
subject:
Gatepoint Alert
body:
ArrestOfficial information was disclosed to user {username} at {currenttime}
for-content:
* content has-caption 'incident:ArrestOfficial'
for-conditions:
* all-true
* under-all-conditions
* at-least-one-true
* inherent-role-list has-semantic 'http://wijiscommons.org/cdcl/demo/GatepointAuditor/'
* inherent-role-list has-semantic 'http://wijiscommons.org/cdcl/demo/SecurityAnalyst/'
rule
id:
253
# Deny ArrestOfficial information when the user's inherent-role-list carries the
# Business Analyst semantic.
# Outcome: 'deny' is the only outcome listed (the original description read
# "Redact and deny").
# NOTE(review): the original description says the denial covers all child nodes of
# ArrestOfficial; the rule matches by caption only, so confirm that the engine extends the
# outcome to children.
# NOTE(review): a Business Analyst without the Gatepoint Auditor role also matches rule 131
# (redact); precedence between the two is not shown in this rulesheet - confirm that deny
# is the outcome applied.
apply-outcomes:
deny
for-content:
* content has-caption 'incident:ArrestOfficial'
for-conditions:
* inherent-role-list has-semantic 'http://wijiscommons.org/cdcl/demo/BusinessAnalyst/'