Policy Elements Reference
id: Content_Identifier_Policy_Element_Reference slug: Policy Element Reference title: Policy Element Reference tags: [admin, guide] description: Policy Element Reference sidebar_label: Policy Element
Policy Elements Reference
This reference guide provides detailed information about the building blocks used to create Content Identification policies and rules. Understanding these elements is essential for creating effective custom policies that accurately identify and classify content.
Overview
Content Identification policies are built using XML-based policy elements that define conditions, actions, and evaluation criteria. These elements work together to create sophisticated content matching rules that can identify sensitive data across various formats and contexts.
Core Policy Structure
Policy Hierarchy
Content Identification policies follow a hierarchical structure:
Policy
├── Rules
│ ├── Conditions
│ │ ├── Policy Elements
│ │ └── Evaluation Context
│ └── Actions
└── Resources
Policy Elements
Policy elements are the fundamental building blocks that define what content to match and how to evaluate it. Each element has specific attributes that control its behavior.
Common Element Attributes
All policy elements share these common attributes:
| Attribute | Type | Description | Required | Default |
|---|---|---|---|---|
id | String | Unique identifier for the element within the policy | Yes | - |
elementRef | String | Reference to XML element name in evaluation context | Yes | - |
Number Policy Elements
Number elements evaluate numeric values within content or metadata.
| Attribute | Type | Description | Required | Constraints | Example |
|---|---|---|---|---|---|
id | String | Unique element identifier | Yes | Must be unique within policy | "Size_Under_100" |
elementRef | String | XML element name to evaluate | Yes | Valid XML element name | "DocumentSize" |
min | Integer | Minimum value for range | No* | >= 0, <= max if specified | 0 |
max | Integer | Maximum value for range | No* | >= min if specified | 100 |
*At least one of min or max must be specified.
Example:
<Number id="Size_Under_100" elementRef="DocumentSize" max="100" />
<Number id="Size_Over_100" elementRef="DocumentSize" min="100" />
Time Policy Elements
Time elements evaluate temporal data using ISO 8601 format.
| Attribute | Type | Description | Required | Format | Example |
|---|---|---|---|---|---|
id | String | Unique element identifier | Yes | - | "Last_Modified" |
elementRef | String | XML element name to evaluate | Yes | Valid XML element name | "LastModified" |
min | ISO 8601 Time | Minimum time for range | No* | HH:MM:SS+TZ | "14:20:00+02:00" |
max | ISO 8601 Time | Maximum time for range | No* | HH:MM:SS+TZ | "15:00:00+02:00" |
*At least one of min or max must be specified.
Supported Time Formats:
HH:MM:SS(24-hour format)HH:MM:SS+TZ(with timezone offset)HH:MM:SS.sss(with milliseconds)
Example:
<Time elementRef="Last_Modified" min="14:20:00+02:00" max="15:00:00+02:00" />
String Policy Elements
String elements evaluate text content using various matching criteria.
| Attribute | Type | Description | Required | Options | Example |
|---|---|---|---|---|---|
id | String | Unique element identifier | Yes | - | "FileName_Pattern" |
elementRef | String | XML element name to evaluate | Yes | Valid XML element name | "FileName" |
value | String | String value to match | Yes | Any string | "confidential" |
caseSensitive | Boolean | Case-sensitive matching | No | true, false | false |
matchType | String | Type of string matching | No | exact, contains, regex, wildcard | contains |
Match Types:
exact: Exact string matchcontains: Substring matchregex: Regular expression patternwildcard: Wildcard pattern (* and ?)
Example:
<String id="FileName_Pattern" elementRef="FileName" value="*confidential*" matchType="wildcard" caseSensitive="false" />
Boolean Policy Elements
Boolean elements evaluate true/false conditions.
| Attribute | Type | Description | Required | Values | Example |
|---|---|---|---|---|---|
id | String | Unique element identifier | Yes | - | "IsEncrypted" |
elementRef | String | XML element name to evaluate | Yes | Valid XML element name | "Encrypted" |
value | Boolean | Boolean value to match | Yes | true, false | true |
Example:
<Boolean id="IsEncrypted" elementRef="Encrypted" value="true" />
Evaluation Context
The evaluation context provides the data that policy elements can reference. It contains metadata and content information extracted from the analyzed content.
Common Context Elements
| Element Name | Type | Description | Example Value |
|---|---|---|---|
DocumentSize | Number | File size in bytes | 1048576 |
FileName | String | Name of the file | "report.docx" |
FileExtension | String | File extension | ".docx" |
LastModified | Time | Last modification time | "14:45:03.520+02:00" |
Created | Time | Creation time | "09:30:15.000+02:00" |
Encrypted | Boolean | Whether content is encrypted | false |
ContentType | String | MIME type of content | "application/pdf" |
Content-Specific Elements
Different content types provide additional context elements:
Document Files:
PageCount(Number)WordCount(Number)Author(String)Title(String)
Image Files:
Width(Number)Height(Number)ColorDepth(Number)Format(String)
Email Messages:
Subject(String)Sender(String)Recipients(String)AttachmentCount(Number)
Rule Conditions
Conditions combine policy elements using logical operators to create complex matching criteria.
Logical Operators
| Operator | Description | Example |
|---|---|---|
AND | All conditions must be true | <AND><Element1/><Element2/></AND> |
OR | At least one condition must be true | <OR><Element1/><Element2/></OR> |
NOT | Condition must be false | <NOT><Element1/></NOT> |
Condition Structure
<Condition>
<AND>
<Number id="LargeFile" elementRef="DocumentSize" min="1000000" />
<String id="SensitiveContent" elementRef="FileName" value="confidential" matchType="contains" />
</AND>
</Condition>
Identifying Elements in Results
When multiple conditions can match the same policy element, you can use the id attribute to identify which specific condition matched in the results.
Best Practices
Element Design
-
Use Descriptive IDs: Choose meaningful identifiers that clearly describe the element's purpose
<!-- Good -->
<Number id="LargeDocument_Over10MB" elementRef="DocumentSize" min="10485760" />
<!-- Avoid -->
<Number id="num1" elementRef="DocumentSize" min="10485760" /> -
Optimize Range Conditions: Use appropriate min/max values to avoid unnecessary processing
<!-- Efficient for file size checks -->
<Number id="ReasonableFileSize" elementRef="DocumentSize" min="1024" max="104857600" /> -
Case-Insensitive String Matching: Use case-insensitive matching for better coverage
<String id="SensitiveKeyword" elementRef="Content" value="confidential" caseSensitive="false" />
Performance Considerations
- Limit Complex Regex: Use simple patterns when possible to improve performance
- Order Conditions: Place most selective conditions first in AND operations
- Use Appropriate Match Types: Choose the most efficient match type for your use case
Error Handling
- Validate Element References: Ensure
elementRefvalues correspond to available context elements - Check Range Constraints: Verify that min/max values are logically consistent
- Test Time Formats: Validate ISO 8601 time format compliance