Application Security Policies Based on Roles
In this use case, a financial services company, acme-financial.com, has an internal human resources application that handles benefits and performance management. All employees should have access to the benefits portion of the application while only managers should be permitted access to the performance management portion.
The following procedures detail how you can use the EPM model together with application roles to create a security policy for the human resources application.
Given:
- The SiteMinder environment contains one user LDAP directory, called AcmeLDAP.
- The user directory defines two groups: one containing all employees and one containing the subset of employees who are managers. They are defined in the directory as follows:
- group:cn=employees,ou=Groups,o=acme-financial.com
- group:cn=managers,ou=Groups,o=acme-financial.com
- Employees, including managers, must authenticate with the Basic authentication scheme.
Solution for application security based on roles:
To solve this use case, you complete the following steps:
- Create an attribute directory mapping for the user directory.
- Create an application.
- Select the user directory (AcmeLDAP) in which the users that meet the role criteria are located.
- Specify the resources that are the sub-components of the main application.
- Define the two roles, one for all employees and one for managers only, each based on membership in the corresponding group.
- Combine the resources and roles into an application policy.
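The following is an added example, not SiteMinder code and not part of the original guide. It models the resulting application policy outside the Policy Server so the intended decisions can be checked: roles are derived from membership in the two groups above, each sub-component of the application is mapped to the role it requires, and anything that matches no rule is denied. The resource paths (/hr/benefits and /hr/performance), the user entries, and their group memberships are assumptions constructed for the example; the group DNs are the ones given in the use case.

```python
"""Added example (not SiteMinder code): a minimal model of the role-based
policy for the acme-financial.com HR application, evaluated against a
constructed LDIF snapshot standing in for the AcmeLDAP user directory.

Assumptions (not from the guide): the benefits component lives under
/hr/benefits/ and performance management under /hr/performance/; the
user entries alice, bob and mallory and their memberships are invented.
"""
import re

# Constructed LDIF snapshot of AcmeLDAP. Only the attributes the policy
# needs are included. bob is a manager and therefore also an employee.
ACME_LDIF = """\
dn: uid=alice,ou=People,o=acme-financial.com
uid: alice

dn: uid=bob,ou=People,o=acme-financial.com
uid: bob

dn: uid=mallory,ou=People,o=acme-financial.com
uid: mallory

dn: cn=employees,ou=Groups,o=acme-financial.com
cn: employees
member: uid=alice,ou=People,o=acme-financial.com
member: uid=bob,ou=People,o=acme-financial.com

dn: cn=managers,ou=Groups,o=acme-financial.com
cn: managers
member: uid=bob,ou=People,o=acme-financial.com
"""


def parse_ldif(text):
    """Return {dn: {attr: [values]}} for a simple (unfolded, unencoded) LDIF."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None          # blank line ends the current entry
            continue
        attr, _, value = line.partition(":")
        value = value.strip()
        if attr == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries


DIRECTORY = parse_ldif(ACME_LDIF)

# Roles are defined by group membership, exactly as the use case states.
ROLE_GROUPS = {
    "Employee": "cn=employees,ou=Groups,o=acme-financial.com",
    "Manager": "cn=managers,ou=Groups,o=acme-financial.com",
}

# Sub-components of the application and the role each one requires.
# Evaluated in order; the first matching pattern decides, and a resource
# that matches no pattern is denied (default deny).
RESOURCE_RULES = [
    (re.compile(r"^/hr/benefits(/.*)?$"), "Employee"),
    (re.compile(r"^/hr/performance(/.*)?$"), "Manager"),
]


def roles_for(directory, user_dn):
    """Roles a user holds, derived from the group entries' member attribute."""
    return {
        role
        for role, group_dn in ROLE_GROUPS.items()
        if user_dn in directory.get(group_dn, {}).get("member", [])
    }


def is_authorized(directory, user_dn, resource):
    """Grant only when a rule matches the resource and the user holds its role."""
    held = roles_for(directory, user_dn)
    for pattern, required_role in RESOURCE_RULES:
        if pattern.match(resource):
            return required_role in held
    return False


if __name__ == "__main__":
    base = ",ou=People,o=acme-financial.com"
    for uid in ("alice", "bob", "mallory"):
        for res in ("/hr/benefits/enroll", "/hr/performance/reviews", "/hr/admin"):
            print(f"{uid:8} {res:24} {is_authorized(DIRECTORY, f'uid={uid}{base}', res)}")
```

The ordering and default-deny behaviour are the points to carry over when building the real policy: a resource that is part of the application but matches none of the protected components should not be reachable simply because no rule mentions it, and a user who authenticates successfully with the Basic scheme but belongs to neither group (mallory above) must still be denied everything.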