3.4 Creating Web Authorization Policies for J2EE Agents

A Web Authorization policy specifies the criteria a user must meet to either allow access or deny access to a resource. For example, if you create a Sales role and assign it to the users, the role can be used to allow access to the sales applications and to deny access to resource management applications. For information about designing a policy, see Section 3.1, Designing an Authorization Policy.

To create a Web Authorization policy:

  1. In the Administration Console, click Policies > Policies > New.

  2. Specify a name for the policy, select J2EE Agent: Web Authorization as the type, then click OK.

  3. Fill in the following fields:

    Description: (Optional) Specify a description for the rule.

    Priority: Specify the order in which a rule is applied in the policy, when the policy has multiple rules. The highest priority is 1 and the lowest priority is 10. If two rules have the same priority, a Deny rule is applied before a Permit rule.

  4. In the Condition Group 1 section, click New, then select one of the following:

  5. To add multiple conditions to the same rule, either add a condition to the same condition group or create a new condition group. For information on how conditions and condition groups interact with each other, see Section 3.1.4, Using Multiple Conditions.

  6. In the Actions section, select either Permit or Deny.

  7. To save the rule, click OK twice, then click Apply Changes.

  8. Assign the policy to a Web resource. See Assigning a Web Authorization Policy to the Resource in the NetIQ Access Manager 3.1 SP5 J2EE Agent Guide.