Rule Expressions are the parameters by which DLP policies determine a user or group's ability to login into the FileCloud system, as well as downloading or sharing files. Rule Expressions also enable administrators to access detailed information about user activity on their FileCloud installations.
Logical operators
DLP permits users to implement two or more rules using the logical operators '&&' , '||', and '!'.
Learn more about logical operators.
DLP Rule Expressions
| Expression | What does the expression do? | Sample returned value | Applicable actions |
|---|---|---|---|
| _request.remoteIp | Returns the IP address that was used to execute the action. | _request.remoteIp == '43.12.45.78' | DOWNLOAD, LOGIN |
| _request.agent | Returns the user agent that was used to execute the action. The possible values are: 'FileCloudDrive2' for FileCloud Drive 2, 'FileCloudDrive' for FileCloud Drive1, 'FileCloud Drive' for the new version of FileCloud Drive (CloudDrive) and 'Cloud Sync' for FileCloud Sync, 'Unknown', 'Web browser', 'Android', 'iOS', 'MS Outlook' and 'MS Office'. | _request.agent == 'Unknown' | DOWNLOAD, LOGIN |
| _request.inIpv4Range(lowIp, highIp) | Checks if the IP address that was used to execute the action is part of a given IP range, represented by limits of the range (given with the parameters). | _request.inIpv4Range('138.204.26.254', '138.204.26.1') | DOWNLOAD, LOGIN |
| _request.remoteCountryCode | Returns the two-character uppercase ISO country code. Returns "Unknown" if country could not be determined. | _request.remoteCountryCode == 'US' | DOWNLOAD, LOGIN |
| _request.inIpV4CdirRange(cdirRange) | Checks if the IP address used to execute the action matches the given CDIR range | _request.inIpV4CdirRange('10.2.0.0/16') | DOWNLOAD, LOGIN |
| _user.username | Returns the name of the user trying to execute an action. | _user.username == 'FileCloudUser' | DOWNLOAD, LOGIN, SHARE |
| _user.email | Returns the email of the user trying to execute an action. | _user.email == 'john.doe@mail.com' | DOWNLOAD, LOGIN, SHARE |
| _user.userType | Return the type of user that is trying to execute the action. The available types are: 'Full Access', 'Limited Access', 'Guest Access' | _user.userType == 'Guest Access' | DOWNLOAD, LOGIN, SHARE |
| _user.inGroup(groupName) | Checks if a user is part of a given group. | !_user.inGroup('managers') | DOWNLOAD, LOGIN, SHARE |
| user.isEmailInDomain(domainsToCheck) | Checks if a user's email id matches a given list of domains. The 'domainsToCheck' parameter can be a single domain, or a comma-separated domains list. | _user.isEmailInDomain('example.com', 'mail.com') | SHARE |
| _file.path | Returns the path that was accessed. | _file.path == '/myuser/mydir/myfile.pdf' | DOWNLOAD |
| _file.pathStartsWith(start) | Returns true when the path has been accessed. Starts with the given `start` parameter. | _file.pathStartsWith('/myuser/mydir') | DOWNLOAD |
| _metadata.exists(metadataValue) | Checks if the path, or one of its children, have the given metadata attribute set. The metadata attribute must be provided using the `metadataSet.attribute` notation. | _metadata.exists('cce.pii') | DOWNLOAD, SHARE |
| _metadata.existsWithValue(metadataValue, value) | This function is similar to the `exists` function, but it checks if the metadata attribute (first parameter) exists, and if its value is equal to a given value (second parameter). | _metadata.existsWithValue('content.category', 'confidential') | DOWNLOAD, SHARE |
| _metadata.existsWithCondition(metadataValue, operator, value) | This function is similar to the `existsWithValue` function, but it takes an operator parameter (second) that will be used to compare the metadata attribute value (first parameter) with the provided value (third parameter). The available operators are: `==` (equals), `!=` or `<>` (not equal), `>` (greater than), `<` (less than), `>=` and `<=`. Keep in mind that when the metadata and the third operator are numbers, they'll be compared as numbers. If any are not a number, they'll be compared alphabetically (dates, for example, cannot be compared using `>, <, >=, <=`). The sample checks if the risk level of a document is greater than 6. | _metadata.existsWithCondition('content.Risk Level', '>', 6) | DOWNLOAD, SHARE |
| _share.path | Returns the path of the share. | _share.path == '/myuser/mydir/myfile.pdf' | SHARE |
| _share.public | Returns true or false if the share is public or not. | _share.public | SHARE |
| _share.allowedUsers | Returns a list of the allowed users of the share (including the users in an allowed group). The list contains the users' email addresses. | 'john.snow@mail.com' in _share.allowedUsers | SHARE |
| _share.allowedGroups | Returns a list of the allowed groups of the share. | 'EVERYONE' in _share.allowedGroups | SHARE |
| _share.hasUsersFromDomain(domain) | Checks if the allowed users list has any users that the email domain matches with the given domain. In the provided sample, the expression will return true if any user with a gmail email is included as an allowed user (directly or through a group). This method only makes sense with DENY rules. | _share.hasUsersFromDomain('gmail.com') | SHARE |
| _share.onlyUsersFromDomain(domain) | Similar to the `hasUsersFromDomain` function, but it checks if the allowed users list has any user with an email domain that doesn't match the given domain. In the provided sample, the expression only returns true if all users have their emails in the `mycompany.com` domain. This method only makes sense with ALLOW rules. | _share.onlyUsersFromDomain('mycompany.com') | SHARE |
| _share.pathStartsWith(start) | Returns true when the shared path starts with the given `start` parameter. | _share.pathStartsWith('/myuser/mydir') | SHARE |
| _share.pathContains(text) | Returns true when the shared path contains the given `text` parameter. | _share.pathContains('sometext') | SHARE |
| _share.pathMatches(pattern) | Returns true when the path matches the given `pattern` parameter. Wildcards are supported: `*` for any sequence of characters and `#` for a single character. | _share.pathMatches('*sometext*') | SHARE |
Logical Operators
DLP allows users to implement logical operators to further refine and specify their data leak prevention rules.
Logical Operator Examples
| Applicable Action | DLP Ruling | Rule Expressions | Result |
|---|---|---|---|
| DOWNLOAD | DENY | _user.username == 'john' && _user.inGroup('engineers') | User 'john' in group 'engineers' will not be permitted to download any files. |
| DOWNLOAD | ALLOW | _user.inGroup('accounting') || _request.remoteIp == '69.89.31.226.' | Users in group 'accounting' or users from the listed IP will be permitted to download files, but no other users will be permitted. |
| SHARE | DENY | !_user.inGroup('designers') | Users who are not a member of group 'designers' will not be permitted to share files. |