You can add individual users, user groups, or both to a policy and can create a policy binding between the added users and the policy. When a user tries to access a protected resource, the policy verifies that the user is part of its policy binding. Then the policy fires the rules included in the policy to see if the user is allowed to access the resource.
Follow these steps:
The Domain pane appears.
The Modify Policy page appears.
The Modify Policy:Name page appears.
The User Directories pane opens and contains group boxes for each user directory that is associated with the policy domain.
In each user directory section, you can select Add Members, Add Entry, Add All. Depending on which method you use to add users to the policy, a dialog opens to let you add users.
Note: If you select Add Members, the User/Groups pane opens. Individual users are not displayed automatically. Use the search utility to find a specific user within one of the directories.
You can edit or delete a user or group by clicking the right arrow (>) or minus sign (-), respectively.
The User Directories pane reopens and lists the new users for the policy on the section of the user directory. The task of binding users to the policy is complete.
Rules indicate the specific resources included in a policy and whether to allow or deny access to the resources when the rule fires. Responses indicate the actions you want to occur when the rule fires.
Note: Add at least one rule or rule group to a policy.
Follow these steps:
The Rules dialog opens.
The Available Rules pane opens.
The Rules section lists the added rules and groups.
Note: To remove a rule or rule group from a policy, click the minus sign (-) to the right of the rule on the Rules section. To create a rule, click New Rule on the Available Rules pane.
Copyright © 2013 CA.
All rights reserved.
|
|