10.1.3 Managing Policies

  1. Click Policies > Policies.

  2. In the Policy Container list, select the container.

  3. You can perform the following tasks on this page:

Creating Policies

Before creating policies, you need to design your policy strategy. For example, if you are going to use role-based access, decide which roles you need and which roles allow access to your protected resources.

You must first create the roles required for Authorization policies that grant and deny access. If you have already created the roles and assigned them to users in your LDAP user store, you can use the values of your role attributes in the Authorization policies instead of using Access Manager roles.

To create a policy, see the following sections:

Sorting Policies

You can sort policies by name and by type. On the Policies page, click Name in the Policy List, and the policies are sorted alphabetically by name. To sort alphabetically by type, click Type in the Policy List.

You can also use containers to organize your policies. See Managing Policy Containers.

Deleting Policies

A policy cannot be deleted as long as a resource is configured to use the policy. This means that, before deleting a policy, you must remove it from all Access Gateway protected resources that use it.

Roles can be used by Authorization, Form Fill, and Identity Injection policies. Before you can delete a Role policy, you must remove any reference to the role from all other policies.

Renaming or Copying a Policy

Copy: To copy a policy, select a policy, click Copy, then click OK. This is useful when you create multiple policies with minor variations. You must rename the policy after making required modifications.

Rename: To rename a policy, select a policy, click Rename, specify a new name, and click OK.

Importing and Exporting Policies

Policies that are created in Administration Console can be exported and used in another Administration Console that is managing a different group of Access Gateways and other devices. Each policy type has slightly different import requirements. See the following:

Refreshing Policy Assignments

If you have made changes in policy assignments that are not reflected on the page, click Refresh References. This action can take a while to complete if you have numerous policies and have assigned them to protect numerous resources. Administration Console needs to verify the configuration of each device.

Viewing Policy Information

The Policy List table displays the following information about each policy:

Name: Displays the name of the policy. To modify a policy, click its name.

Type: Specifies the type of policy (Authorization, Identity Injection, Roles, or Form Fill) and the type of resource that can use it (Identity Server or Access Gateway).

Used By: Displays the name of the Access Gateway or Identity Server configuration that the policy is assigned to. If the policy is unassigned, this column has no value. If the policy is assigned to a protected resource, click the down-arrow button to view the names of the resources it has been assigned to.

Extensions Used: Specifies whether the policy uses any extensions.

Description: Displays a description of the policy.