Policy Server Guides › Policy Server Configuration Guide › Global Policies, Rules, and Responses › Global Policies › Global Policy Object Characteristics
Global Policy Object Characteristics
The following sections discuss the characteristics of global policy objects, outlining the basic similarities and differences when compared to their standard (non-global) counterparts.
- Global response vs. standard response
Differences:
- Defined at the system level. Only system level administrators can define a global response.
- Cannot use variables-based attributes.
- Used in any global or domain-specific policies.
- Associated with the specific agent type.
- Can be a member of any global or domain-specific response group.
Similarities:
- Can use active expressions.
- Is not returned unless it is specified in a particular policy.
- Global rule vs. standard rule
Differences:
- Defined at the system level. Only system level administrators can define a global rule.
- The filter for the global rule is not bound to a specific realm. The filter for the global rule is an absolute filter, which may or may not use a regular expression.
- Bound to specific agent or agent group. The agent is explicitly specified when the rule is created.
- Available only for SiteMinder agents. You cannot associate a global rule with a RADIUS Agent because RADIUS Agents do not support authentication and authorization events.
- Only defined for an authentication or authorization event.
- Only used in global policies.
- Cannot be added to rule groups. There are no global rule groups.
- Can fire for resources on any domain for which global policy processing is enabled.
- Global policy vs. standard policy
Differences:
Similarities:
- Can use active expressions.
- Associated with the specific Agent. However, it's possible to create a group containing all the Agents of the same type and bind a global rule to such group.
When the global policy is being processed, the responses defined for the fired global rules, are added to the list of other responses. A global rule fires when the following is true:
- The resource being accessed matches the absolute resource filter defined for the global rule.
- The event that occurs is as defined for the global rule.
- The resource being requested is protected by the same agent/agent group, which was specified for the rule.
- The resource/realm being accessed belongs to a domain for which global policies processing is enabled.