Actions for the Notes database resources should be considered when you create rules. Any resource not specified with an action will default to the action ?Open. The rules that are included in a SiteMinder policy must account for the default action, ?Open, and equivalent actions for ?Open, such as ?OpenDatabase, ?OpenView, ?OpenDocument, ?OpenFrameset.
The Domino Web Agent enables a policy administrator to create one rule for many aliases that point to the same resource. You only need one rule because the Domino Agent converts Domino's multiple representations of a resource into one URL. This function of the Domino Agent is important to consider when creating rules for SiteMinder policies.
You create realms and rules using the Administrative UI.
Note: For more information, see the Policy Server documentation.
In the following illustration, the URL is a link to Acme's Domino server, with a Notes database called db1.nsf. This database contains two files: page1 and page2.
Example 1: Protecting one document and all its aliases.
For access to page1 and all its aliases, you create only one rule for the realm db1.nsf. The Domino Agent interprets all the different naming conventions and converts them to one standard URL format.
For your realms and rules, do the following:
Resource filter: /db1.nsf/
To protect not only page1 but all its aliases, you would configure the following:
Resource filter: /db1.nsf/page1
Resource: *
This * wildcard indicates that any action, such as ?Open or ?EditDocument, can be performed on page1 by the users that are bound to the policy.
Example 2: Protecting different documents in the same database.
To protect page2 in the db1.nsf database in addition to page1, you need to create a second rule.
Resource Filter: /db1.nsf/page2
Resource: *
Example 3: Protecting different actions on a single resource.
To protect individual actions on a resource, each action requires its own rule for each resource. For example, if you want only some users to perform the action ?EditDocument and all users to perform the action ?ReadForm, create the rules as follows:
Resource Filter: /db1.nsf/page1
Resource: ?OpenView
Resource Filter: /db1.nsf/page1
Resource: ?EditDocument
You could also use one rule as follows:
Resource Filter: /db1.nsf/page
Resource: ?Open*
Note: In the Resource field, there is no forward slash (/) before ?Open.
Even if there are aliases for this resource, the one rule would protect the original page and all its aliases.
Instead of creating several rules for different actions, you could specify a single rule and use wildcards to cover all actions, for example:
Resource filter: /db1.nsf/page
Resource: ?Open*
With the rule, you are then protecting the resource:
http://www.acme.com/db1.nsf/page*?Open*
Note: If you want a rule to be literal, write a regular expression.
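The following added example (not part of the original documentation and not SiteMinder code) models how a realm resource filter and a rule resource combine, so that a rule set can be reviewed for actions it does not cover. It assumes that the filter and resource concatenate into one pattern, that * is the only wildcard, and that requests are already in the single URL form the Domino Agent produces; the rule names are hypothetical, and the ?Open* rule is scoped to page1 here.

```python
import re

DEFAULT_ACTION = "?Open"  # per the page: a resource with no action defaults to ?Open

# Rules modelled on the page's examples: (realm resource filter, rule resource).
RULES = {
    "page1-any-action": ("/db1.nsf/page1", "*"),
    "page1-open-only": ("/db1.nsf/page1", "?Open*"),
    "page1-edit": ("/db1.nsf/page1", "?EditDocument"),
    "page2-any-action": ("/db1.nsf/page2", "*"),
}

def effective_resource(request):
    """Append the default action when the request names none."""
    return request if "?" in request else request + DEFAULT_ACTION

def rule_pattern(resource_filter, resource):
    """Assumed model: filter + resource is one pattern, '*' is the only wildcard."""
    parts = (resource_filter + resource).split("*")
    return re.compile(".*".join(re.escape(p) for p in parts))

def matching_rules(request, rules=RULES):
    """Return the sorted names of the rules whose pattern covers the request."""
    target = effective_resource(request)
    return sorted(name for name, (flt, res) in rules.items()
                  if rule_pattern(flt, res).fullmatch(target))

def uncovered(requests, rules):
    """Requests that no rule in the set matches, for reviewing a rule set."""
    return [r for r in requests if not matching_rules(r, rules)]

# Constructed sample requests, already normalized to one URL form.
SAMPLE_REQUESTS = [
    "/db1.nsf/page1",
    "/db1.nsf/page1?OpenDocument",
    "/db1.nsf/page1?EditDocument",
    "/db1.nsf/page2?EditDocument",
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(f"{req:32} -> {matching_rules(req) or 'NO RULE'}")
    open_only = {"page1-open-only": RULES["page1-open-only"]}
    print("not matched by ?Open* alone:", uncovered(SAMPLE_REQUESTS, open_only))
```

Running it shows that a rule set containing only the ?Open* rule matches the default and ?OpenDocument requests for page1 but not ?EditDocument, which is the case a * rule or a dedicated ?EditDocument rule has to pick up.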
Copyright © 2010 CA. All rights reserved.