Configuration Guides › Policy Server Configuration Guide › Configure Security Policies from WSDL Files Using Applications › Application Overview › How to Create Application Security Policies

How to Create Application Security Policies

To protect applications in your organization, you create application security policies. These policies define the resources you want protected and specify who is allowed access to the protected application.

To create application security policies, use the following process:

1. Create an application object for the web service resources that you want to protect.
2. Create a new user directory or associate an existing user directory with the application.
3. (Optional) Configure any responses that you want to associate with web service resources.
4. Generate security policies from the web service definition contained in its WSDL file.

   The Administrative UI creates component and resource definitions corresponding to your settings for all specified web service ports and operations, a default application role (that defines no user access), and a security policy that binds that default role with resources.

5. Modify the default application role to define a group of users that can access a resource to which the role is assigned. Application roles are defined by expressions that search the user directories for users that meet the membership criteria of the application role.
6. (Optional) Create additional application roles that identify other groups of users that should have access to any of the protected resources.
7. Repeat Steps 4, 5, and 6 for any additional web services defined in other WSDL files that you want to protect in the same application.
8. Refine the generated policies by associating application roles with resources.