MeshComposer
MeshComposer is a rule-based engine for dynamically composing groups from mesh objects. Rules define criteria that match source objects and either create a new group or populate an existing one with matching members.
Concepts
- Rule — a named unit of composition. Each rule has a mode, a source object type to query, criteria that select members, and a target group.
- Mode —
Createbuilds a new mesh object to act as the group.Populateadds members to an existing mesh object. - Criteria — a tree of attribute conditions (AND/OR groups) that filter source objects. Conditions support operators like equals, contains, starts with, ends with, is present, is not present, is true, and is false.
- Publish Targets — optional connector overrides. When set, evaluation queues export entries for the specified connectors. If empty, the composed group flows through standard projection/export rules.
- Evaluate — executes the rule: matches source objects against criteria, adds new members, removes stale members, and queues the group for export.
- Relationship Type — the relationship label between the group and its
members (default
member_of). Relationships are tagged with sourceMeshComposer:{ruleId}for traceability.
How-To: Create a Composed Group
Step 1 — Define Object Types and Schemas
Before creating composer rules, ensure you have registered the relevant
object types and attribute schemas. The source object type determines which
mesh objects the criteria query against. For Create mode, you also need a
target object type for the new group (e.g., group).
Step 2 — Create a Composer Rule
- Navigate to MeshComposer in the Admin UI sidebar.
- Click New Rule.
- Fill in the rule details:
- Name — descriptive name (e.g., “Sales Department Members”).
- Description — optional notes.
- Mode — choose
Create new grouporPopulate existing group.
Create Mode
Choose this when the composer should create and own the group object.
- Target Object Type — the mesh object type for the new group
(e.g.,
group). - Target Anchor Value — a unique identifier for the group
(e.g.,
composed-sales-team). - Display Name — friendly name stored as the
displayNameattribute.
The mesh object is created automatically on first evaluation. You do not need to create it manually.
Populate Mode
Choose this when the group already exists as a mesh object (e.g., imported from a connector).
- Target Object Type — optionally filter the search by type.
- Target Mesh Object — use the typeahead search to find and select the existing mesh object by anchor value or display name.
Step 3 — Configure Criteria
- Select the Source Object Type (e.g.,
user) — this determines which attributes are available in the condition dropdowns. - Build the criteria tree:
- Click Condition to add an attribute filter.
- Select an Attribute, an Operator, and a Value.
- Click Group to add a nested AND/OR group for complex logic.
- Toggle the group operator button (AND/OR) to switch logic.
Example: match all users in the Sales department:
AND
├── department equals "Sales"
└── objectType equals "user"Example: match users in Sales OR Marketing who are active:
AND
├── accountEnabled is true
└── OR
├── department equals "Sales"
└── department equals "Marketing"Step 4 — Preview
Before saving, use the inline Preview button to see which mesh objects match the current criteria. The preview shows anchor value, object type, and key attributes. Results can be exported to CSV.
Step 5 — Save the Rule
Click Save. The rule and its criteria tree are persisted together. The rule is saved in the disabled state by default — toggle the Enabled switch to activate it.
Step 6 — Configure Publish Targets (Optional)
After saving, click the Targets button (share icon) on the rule row. Add connectors that should receive the composed group on export. If no publish targets are configured, the group follows standard projection and export rules.
Step 7 — Evaluate
Click the Evaluate button (play icon) on the rule row. The engine:
- Finds or creates the target group mesh object (Create mode only).
- Queries all mesh objects matching the source type and criteria.
- Adds new member relationships and removes stale ones.
- Queues the group for export (if membership changed).
A banner displays the result: members added, removed, and total count.
Step 8 — Verify
- Click Preview (magnifier icon) to see the current membership list.
- Navigate to Mesh Objects and search for the group to view its attributes and relationships.
How-To: Edit or Delete a Rule
Edit
Click the Edit button (pencil icon) on the rule row. The modal opens with all fields and the criteria tree pre-populated. Modify as needed and click Save.
Delete
Click the Delete button (X icon) on the rule row and confirm. Deletion removes:
- All
MeshComposer:{ruleId}relationships. - The target mesh object (Create mode only), including its attributes, relationships, and export queue entries.
- Criteria groups, criteria, and publish targets (via cascade).
Populate-mode rules do not delete the target mesh object since it was not created by the composer.
API Endpoints
Rules
| Method | Path | Description |
|---|---|---|
| GET | /api/composer/rules | List all rules with member counts |
| POST | /api/composer/rules | Create a new rule |
| GET | /api/composer/rules/{id} | Get rule by ID |
| PUT | /api/composer/rules/{id} | Update rule |
| DELETE | /api/composer/rules/{id} | Delete rule and associated mesh object |
| POST | /api/composer/rules/{id}/enable | Enable rule |
| POST | /api/composer/rules/{id}/disable | Disable rule |
Criteria
| Method | Path | Description |
|---|---|---|
| GET | /api/composer/rules/{id}/criteria | Get criteria tree |
| PUT | /api/composer/rules/{id}/criteria | Save criteria tree |
Publish Targets
| Method | Path | Description |
|---|---|---|
| GET | /api/composer/rules/{id}/targets | List publish targets |
| POST | /api/composer/rules/{id}/targets | Add publish target |
| DELETE | /api/composer/targets/{targetId} | Remove publish target |
Preview & Evaluate
| Method | Path | Description |
|---|---|---|
| POST | /api/composer/rules/{id}/preview | Preview matching members (paginated) |
| POST | /api/composer/preview-criteria | Ad-hoc criteria preview (no saved rule needed) |
| POST | /api/composer/rules/{id}/evaluate | Evaluate rule and update memberships |
Permissions
| Permission | Required For |
|---|---|
composer.read | Viewing rules, criteria, targets, previews |
composer.write | Creating, editing, deleting rules, criteria, targets |
composer.execute | Evaluating rules |
Storage
Composer rule definitions, criteria, and publish-target overrides
are persisted in the IdentityMesh database. Composer-created
relationships are tagged with the source label
MeshComposer:{ruleId} so they’re easy to identify and (if a rule
is removed) clean up.