Enhance Rule-Based Password Expiry to Support OR Operator within Rules

[PasinduYeshan]

Current Limitation

Currently, the rule-based password expiry system applies rules as follows:

• Default Rule: Apply password expiry for 30 days.
• Rule 1: Apply password expiry for 20 days for users with Role A AND Role B.
• Rule 2: Skip password expiry for users with Role C.

The first applicable rule is applied to the user. At present, within a rule, role-based conditions are evaluated using the AND operator. This means that if an admin wants to apply a rule for users with Role A OR Role B, they need to create multiple separate rules, leading to unnecessary duplication and complexity.

Suggested Improvement

Introduce support for the OR operator within rules, allowing administrators to define conditions like:

• "Apply password expiry for users with Role A OR Role B" instead of having to create separate rules for each role.

Expected Benefits:
✅ Reduces redundancy in rule definitions.
✅ Provides greater flexibility for defining password expiry policies.
✅ Simplifies rule management for administrators.

Version

No response