

How to Configure a Policy

The following process lists the steps for configuring a policy.

Note: You can also create policies using the Scripting interface for Perl. For more information, see the Programming Guide for Perl.

Follow these steps:

  1. Create the policy.
  2. Add users to the policy.
  3. Add one or more rules to the policy.
  4. (Optional) Associate responses or response groups with rules.
  5. (Optional) Associate global responses with rules.
  6. (Optional) Configure advanced policy options.

More information:

Add Users to a Policy

Add Rules to a Policy

Create the Policy

Create a policy by adding it to a new or existing domain. Policies define relationships between users and resources.

Follow these steps:

  1. Click Policies, Domain.
  2. Click Domains.
  3. Click the name of the domain you want to modify.
  4. Click Modify.
  5. Click the Policies tab.
  6. Click Create.
  7. Type the name and a description of the policy.
  8. (Optional) When the policy protects resources for which you always want the user to reauthenticate, select the validate identity check box. For example, if you always want the user to reauthenticate before transferring money from one bank account to another, select the validate identity check box. Users must reauthenticate before a transfer is made. This setting protects users even if they leave their screen unattended while the CA SiteMinder® session is still valid. The current CA SiteMinder® session is not affected.

    Note: This setting requires additional configuration at the Policy Server and the agent. For more information, see the knowledge base document titled Scenario: Require Re-Authentication for Sensitive Resources.

  9. Click the Users tab.
  10. Add users, user groups, or both to the policy, and click Submit.
  11. Click Submit.

    The Modify Domain task is submitted for processing.

Add Users to a Policy

You can add individual users, user groups, or both to a policy and create a policy binding between the added users and the policy. When a user tries to access a protected resource, the policy verifies that the user is part of its policy binding and then fires the rules included in the policy to see if the user is allowed to access the resource.

Follow these steps:

  1. Navigate to the Users page.
  2. Add users or groups from the user directory to the policy.

    From within each user directory group box, you can choose Add Members, Add Entry, or Add All. Depending on which method you use to add users to the policy, a dialog box opens in which you select the users.

    Note: If you select Add Members, the User/Groups pane opens. Individual users are not displayed automatically. Use the search utility to find a specific user within one of the directories.

    You can edit or delete a user or group by clicking the right arrow (>) or minus sign (-), respectively.

  3. Select individual users, user groups, or both using any of these methods, and click OK.

    The User Directories page reopens and lists the new users.

The task of binding users to the policy is complete.

More information:

View User Directory Contents

Add Rules to a Policy

Rules indicate the specific resources included in a policy and whether to allow or deny access to the resources when the rule fires. Responses indicate the actions you want to occur when the rule fires.

Note: Add at least one rule or rule group to a policy.

Follow these steps:

  1. Navigate to Policy, Rules.

    The Rules page opens.

  2. Click Add Rule.

    The Available Rules pane opens.

  3. Select the individual rules, rule groups, or both that you want to add to the policy, and click OK.

    The Rules section lists the added rules and groups.

  4. (Optional) Associate the rule with a response or response group.

    Note: To remove a rule or rule group from a policy, click the minus sign (-) to the right of the rule on the Rules section. To create a rule, click New Rule on the Available Rules pane.