SiteMinder Security Policies
Unlike ACLs, policies serve a dual purpose: they provide security and manage the user experience. Policies are user-centric: they are constructed around the user group rather than the resource.
Policies define access permissions using rules, responses, and time/location constraints. Policies are then associated with users or user groups to establish:
- Where the resource is located
- Who can access a resource
- What type of access the user has
- When they can access a resource
- What happens when they access the resource
- What happens if they can't access the resource
The following graphic provides a definition of a SiteMinder security policy.
Policies provide an effective means of managing users and securing resources for the following reasons:
- Policies provide more granularity and the ability to personalize content. Responses enable you to define what happens when a user is allowed or denied access, such as which graphics are shown if a user is allowed access or where to redirect the user if the user is denied access.
- Policies are easy to maintain. When a user is modified, added to a group, or deleted from a group, all policy definitions that include the user are automatically updated.
- Policies provide fine-grained security. Policy definitions can include time restrictions and location (IP address) restrictions.
Because of the power and flexibility of policies, authorization models based on security policies are more efficient and effective than models based on ACLs.
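The policy elements listed above (where, who, what, when, and the allow/deny responses) can be modelled in a few lines. The following is an added illustration, not SiteMinder code or its API: the `Policy` class, `evaluate` function, directory contents, paths, networks and response values are all hypothetical and constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Hypothetical model of a policy; field names are assumptions, not SiteMinder's.
@dataclass
class Policy:
    resource: str    # where: resource filter the rule protects
    groups: set      # who: user groups bound to the policy
    actions: set     # what: permitted actions
    hours: tuple     # when: (start, end) time-of-day window
    networks: list   # location: permitted source networks (CIDR)
    on_accept: dict  # response returned when access is allowed
    on_reject: dict  # response returned when access is denied

# Constructed user directory. Membership lives here, not in the policy,
# so changing a user's groups changes the outcome without editing any policy.
DIRECTORY = {"alice": {"hr"}, "bob": {"engineering"}}

def evaluate(policy, user, resource, action, src_ip, when):
    """Return (decision, response). Any failed check denies (default deny
    is an assumption of this sketch)."""
    checks = (
        fnmatchcase(resource, policy.resource),
        bool(DIRECTORY.get(user, set()) & policy.groups),
        action in policy.actions,
        policy.hours[0] <= when.time() <= policy.hours[1],
        any(ip_address(src_ip) in ip_network(n) for n in policy.networks),
    )
    if all(checks):
        return "allow", policy.on_accept
    return "deny", policy.on_reject

# Constructed sample policy: HR may read payroll during office hours
# from the internal network; everyone else is redirected.
PAYROLL = Policy(
    resource="/payroll/*", groups={"hr"}, actions={"GET"},
    hours=(time(8, 0), time(18, 0)), networks=["10.20.0.0/16"],
    on_accept={"header": "X-Role=hr"},
    on_reject={"redirect": "/access-denied.html"},
)

if __name__ == "__main__":
    at = datetime(2024, 3, 5, 10, 0)
    print(evaluate(PAYROLL, "alice", "/payroll/2024.pdf", "GET", "10.20.3.4", at))
    print(evaluate(PAYROLL, "bob", "/payroll/2024.pdf", "GET", "10.20.3.4", at))
```

Adding `bob` to the `hr` group in `DIRECTORY` flips his result to allow with no change to `PAYROLL`, which is the maintenance property described in the list above.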