Database Configuration Conditions

It is possible to define if/then/else logic in the database policy. This allows the end user to return a warning message rather than a pass/fail result in case an audit passes.

The syntax to perform conditions is the following:

    <if>
      <condition type: "or">
        <Insert your audit here>
      </condition>
      <then>
        <Insert your audit here>
      </then>
      <else>
        <Insert your audit here>
      </else>
    </if>

Example:

    <if>
      <condition type: "or">
        <custom_item>
          type: SQL_POLICY
          description: "clr enabled option"
          info: "Is CLR enabled?"
          sql_request: "select value_in_use from sys.configurations where name = 'clr enabled'"
          sql_types: POLICY_INTEGER
          sql_expect: "0"
        </custom_item>
      </condition>

      <then>
        <custom_item>
          type: SQL_POLICY
          description: "clr enabled option"
          info: "CLR is disabled?"
          sql_request: "select value_in_use from sys.configurations where name = 'clr enabled'"
          sql_types: POLICY_INTEGER
          sql_expect: "0"
        </custom_item>
      </then>

      <else>
        <report type: "WARNING">
          description: "clr enabled option"
          info: "CLR (Common Language Runtime objects) is enabled"
          info: "Check system policy to confirm CLR requirements."
        </report>
      </else>
    </if>

Whether the condition fails or passes never shows up in the report because it is a “silent” check.

Conditions can be of type “and” or “or”.
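A condition of type "and" holding two audits, as an added example that is not part of the original page: the silent condition is true only when both settings are 0, and otherwise the else branch reports a warning. The xp_cmdshell audit, the combined count query in the then branch, and the description and info strings are assumptions made for illustration.

```xml
# Added example: both audits inside the condition must pass ("and").
<if>
  <condition type: "and">
    <custom_item>
      type: SQL_POLICY
      description: "clr enabled option"
      info: "Is CLR enabled?"
      sql_request: "select value_in_use from sys.configurations where name = 'clr enabled'"
      sql_types: POLICY_INTEGER
      sql_expect: "0"
    </custom_item>
    <custom_item>
      type: SQL_POLICY
      description: "xp_cmdshell option"
      info: "Is xp_cmdshell enabled?"
      sql_request: "select value_in_use from sys.configurations where name = 'xp_cmdshell'"
      sql_types: POLICY_INTEGER
      sql_expect: "0"
    </custom_item>
  </condition>

  # The condition itself is silent; this audit is what appears in the report.
  <then>
    <custom_item>
      type: SQL_POLICY
      description: "clr enabled and xp_cmdshell options"
      info: "CLR and xp_cmdshell are both disabled"
      sql_request: "select count(*) from sys.configurations where name in ('clr enabled', 'xp_cmdshell') and value_in_use = 1"
      sql_types: POLICY_INTEGER
      sql_expect: "0"
    </custom_item>
  </then>

  <else>
    <report type: "WARNING">
      description: "clr enabled and xp_cmdshell options"
      info: "CLR or xp_cmdshell is enabled"
      info: "Check system policy to confirm that the enabled option is required."
    </report>
  </else>
</if>
```

Changing the condition type to "or" would make the then branch run when either setting is 0, so the combined audit in the then branch could then fail rather than pass.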