NetIQ Documentation: Novell Access Manager 3.1 SP5 Policy Guide - Creating Enterprise JavaBean Authorization Policies for J2EE Agents

3.5 Creating Enterprise JavaBean Authorization Policies for J2EE Agents

An Enterprise JavaBean (EJB) Authorization policy allows you to protect the entire bean or specific interfaces or methods. For information about designing a policy, see Section 3.1, Designing an Authorization Policy.

To create an EJB Authorization policy:

In the Administration Console, click Policies > Policies > New.
Specify a name for the policy, select J2EE Agent: EJB Authorization as the type, then click OK.
Fill in the following fields:

Description: (Optional) Specify a description for the rule.

Priority: Specify the order in which a rule is applied in the policy, when the policy has multiple rules. The highest priority is 1 and the lowest priority is 10. If two rules have the same priority, a Deny rule is applied before a Permit rule.
In the Condition Group 1 section, click New, then select one of the following:
- Credential Profile: Allows you to control access based on the credentials the user specified during authentication. For configuration information, see Section 3.6.3, Credential Profile Condition.
- Current Date: Allows you to control access based on the date of the request. For more information, see Section 3.6.4, Current Date Condition.
- Day of Week: Allows you to control access based on the day the request is made. For configuration information, see Section 3.6.5, Day of Week Condition.
- Current Day of Month: Allows you to control access based on the month the request is made. For configuration information, see Section 3.6.6, Current Day of Month Condition.
- Current Time of Day: Allows you to control access based on the time the request was made. For configuration information, see Section 3.6.7, Current Time of Day Condition.
- LDAP Attribute: Allows you to control access based on the value of an LDAP attribute. For configuration information, see Section 3.6.9, LDAP Attribute Condition.
- Liberty User Profile: Allows you to control access based on the value of a Liberty attribute. For configuration information, see Section 3.6.11, Liberty User Profile Condition.
- Roles: Allows you to control access based on the roles a user has been assigned. For configuration information, see Section 3.6.12, Roles Condition.
To add multiple conditions to the same rule, either add a condition to the same condition group or create a new condition group. For information on how conditions and condition groups interact with each other, see Section 3.1.4, Using Multiple Conditions.
In the Actions section, select either Permit or Deny.
To save the rule, click OK, then click Apply Changes.
Assign the policy to an EJB resource. See Assigning an Enterprise JavaBeans Authorization Policy to a Resource in the NetIQ Access Manager 3.1 SP5 J2EE Agent Guide.