Administration Guide › Custom Roles and Policies › Configuring Custom User Roles and Access Policies › Test a New Policy

Test a New Policy

You can test whether a new policy is syntactically correct with the Test Policies feature. The Test Policies feature lets you run ad-hoc queries against the access policies you define. You can consider a permission as a request: "Can {identity} perform {action} against the resource of type {resource class} and of name {resource} [with the following attributes}] [at the {specified time}]?" A result of ALLOW means that the identity you entered can perform the specified action on the specified resource with the specified attributes at the specified time.

Before you begin, have your policy at hand.

To test a policy

1. Click the Administration tab and the User and Access Management subtab.
2. Click Test Policies.

   The Permission Check Parameters page appears.

3. If the policy you plan to check was one where you selected Pre-Deployment and added labels, then check the check box that indicates you want to include pre-deployment policies and add the associated labels.
4. Complete the entry fields. If your policy includes filters, specify the filters in the order that they appear in the policy.
5. Click Run Permission Check.
6. Observe the result and proceed in one of the following ways:
   • If the result is ALLOW, log on to CA Enterprise Log Manager as a user specified as an identity in this new policy and test the effectiveness, scope, and coverage of the before putting it into production use.
   • If the result is DENY, verify your entries on the query. If they are correct, return to the policy or and make the needed correction there.

More information:

Step 3: Create Win-Admin System Access Policy