Previous Topic: Configure a Global ResponseNext Topic: Allowable IP Addresses for Global Policies

Policy Server GuidesPolicy Server Configuration GuideGlobal Policies, Rules, and ResponsesHow to Configure Global PoliciesSmkeytool Examples for Windows PlatformsCreate the Global Policy

Create the Global Policy

You create a global policy to define how users interact with resources.

To create a global policy

  1. Click Policies, Global.
  2. Click Global Policy, Create Global Policy.

    The Create Global Policy pane opens.

    Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

  3. Enter the global policy name.
  4. Add global rules and global responses.

Add Global Rules to a Global Policy

Global rules indicate the specific resources included in a global policy. You must add at least one global rule to a global policy.

To add global rules to a global policy

  1. Click the Rules tab.

    The Rules group box opens.

  2. Click Add Rule.

    The Available Rules pane opens and lists the available global rules.

    Note: If the global rule you require does not appear, click New Rule. Rules you create in this manner are added to the global policy.

  3. Select the global rules you want to add, and click OK.

    The Rules group box lists the selected rules and rule groups.

  4. (Optional) Associate the rule with a response or response group.
Associate a Global Rule with a Response

Global responses indicate the actions that should take place when the rule fires. When the rule fires, the associated response also fires.

To associate a response with a global rule

  1. Click Add Response for the global rule for which you want to associate a response.

    The Available Responses pane opens and lists the available responses, response groups, and global responses.

  2. Select a response, response group, or global response, and click OK.

    The response opens in the Rules group box, and is associated with the respective rule.

    Note: If the response you require does not exist, click New Response to create the response.

Enable and Disable Global Policies

The Administrative UI allows you to enable and disable global policies. By default, when you create a global policy, the policy is enabled. When a global policy is enabled, global rules contained in the global policy fire when users attempt to access the resources specified in the global rules.

If you disable a global policy, the rules contained in the policy do not fire.

To enable or disable a policy

  1. Open the policy.
  2. Select or clear the Enabled check box.

    If the check box is selected, the policy is enabled. If the check box is cleared, the policy is disabled. A disabled policy does not fire.

  3. Click Submit.

    The policy is saved.

Configure a Global Active Policy

An active policy is used for dynamic authorization based on external business logic. An active policy is included in the authorization decision by having the Policy Server invoke a function in a customer-supplied shared library.

This shared library must conform to the interface specified by the Authorization API (available separately with the Software Development Kit.

Note: More information exists in API Reference Guide for C.

The process for configuring active policies for global policies is identical to the process for configuring active policies for domain-specific policies.

To configure an Active Policy

  1. Open the global policy.
  2. Select the Edit Active Policy check box in the Advanced Group box.

    Active policy settings appear.

  3. Enter the name of the shared library in the Library Name field.
  4. Enter the name of the function in the shared library that is to implement the active policy.
  5. Click Submit.

    The policy is saved.

More information:

Configure an Active Policy