Configuration Guides › Policy Server Configuration Guide › Configure Security Policies from WSDL Files Using Applications › Modify Role Assignments in the Application Policy

Modify Role Assignments in the Application Policy

The Administrative UI generates an application security policy that binds the web service resources specified in a WSDL to a default. You can modify this policy to change the roles assigned to resources to allow different groups of users to access different resources protected by the application.

To modify the role assignments in an application security policy

1. Click Policies, Application, Modify Application.

   The Modify Application pane opens

2. Specify search criteria, and click Search.

   A list of applications that match the search criteria opens.

3. Select your application from the list, and click Select.

   The Modify Object: Name pane opens.

4. Click the Policies tab.

   The Policies pane opens and displays a table listing the configured resources and available roles. This table lets you quickly see which roles can be granted access to which resources.

5. Place or remove checks in the role column to set the required role assignments for each web service resource.

   For example, if you had a human resources application that secures a web service for benefits management and another for performance appraisals and separate roles for employees and managers, you could:

   1. Check the Employees role beside the rows of resources that protect the benefits management operations to create a policy that allows employees to manage their benefits.
   2. Check the Managers beside the rows of resources that protect the performance appraisals to create a policy that allows only managers to access the performance appraisals web service.
6. Click Submit.

   Security policies are created for each role assigned.

Note: If you need to edit resources or roles, you must make the changes on the respective tabs and not on the Policies pane.