Identify Resources and Roles
The second part of establishing organization requirements is to identify resources and map resources to roles.
The purpose of this step is to link resources with roles. By linking these two components, you will have a better understanding of what needs protection and what type of protection is required.
When identifying resources:
- Identify all known resources, including resources that are planned but do not yet exist. Planning security for all known resources at once, whether they currently exist or not, will save you time.
- Create a site map for Web sites to better understand the structure of the resources.
How this applies to policies:
Resources are defined in realms and rules. Roles of users are implied based on the user group to which they belong or based on their user attributes. In an airline application, for example, a user belonging to the Pilot user group would perform tasks associated with the Pilot role.
To identify resources and roles
- Using a table or chart similar to the security model table described earlier in this chapter, list the resources in the Resources column.
- Identify all subdivisions of a single resource. For example, if a directory called /bidding has two subdirectories, /bidding/flights and /bidding/standby, list both subdirectories as resources. Treating each subdirectory as a separate resource makes it easier to determine whether each one requires separate security.
- Next to each resource, list the roles that will need access to the resource.
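The procedure above can be sketched as a short script. This is an added example, not part of the product or its documentation. It expands a site map into one resource per subdivision, lists the roles next to each, and notes which resources have no roles listed or differ from their parent directory. The FlightAttendant role, the /schedules path, and all function names are assumptions made for illustration.

```python
from posixpath import normpath

# Constructed sample data: the /bidding paths come from the example above;
# /schedules and the FlightAttendant role are hypothetical additions.
SITE_MAP = ["/bidding/flights/", "/bidding/standby", "/schedules"]
ROLES = {
    "/bidding": {"Pilot", "FlightAttendant"},
    "/bidding/flights": {"Pilot"},
    "/bidding/standby": {"Pilot", "FlightAttendant"},
}

def subdivisions(path):
    """Return the path and every parent directory, each as its own resource."""
    parts = [p for p in normpath(path).split("/") if p]
    return ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]

def build_resource_table(site_map, roles):
    """Build one row per resource: (resource, sorted roles, note)."""
    resources = sorted({r for p in site_map for r in subdivisions(p)})
    rows = []
    for res in resources:
        assigned = roles.get(res, set())
        parent = res.rsplit("/", 1)[0]  # "" for a top-level resource
        if not assigned:
            # A planned or overlooked resource that still needs a role mapping.
            note = "no roles listed"
        elif parent in roles and roles[parent] != assigned:
            # Access differs from the parent directory's role list.
            note = "differs from parent: needs separate security"
        else:
            note = ""
        rows.append((res, sorted(assigned), note))
    return rows

def print_table(rows):
    """Print the Resources / Roles table in fixed-width columns."""
    print(f"{'Resource':<20}{'Roles':<28}Note")
    for res, assigned, note in rows:
        print(f"{res:<20}{', '.join(assigned) or '-':<28}{note}")

if __name__ == "__main__":
    print_table(build_resource_table(SITE_MAP, ROLES))
```
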