Previous Topic: Designate the Resource Requiring ProtectionNext Topic: Advanced Policy Components for Applications

Policy Server GuidesPolicy Server Configuration GuideEnterprise Policy ManagementUse Cases for Defining Application Security Policies Using Application ObjectsApplication Security Policies with User Mapping and Named ExpressionsConfigure the Customer Role

Configure the Customer Role

After establishing a resource, you create an application role that lets customers make Web-based purchases as long as they have not exceeded their credit limit.

Note: The following procedure assumes that you are creating an object. You can also copy the properties of an existing object to create an object. For more information, see Duplicate Policy Server Objects.

To create this credit-based role

  1. Click the Roles tab.
  2. Click Create.

    The Create Role dialog appears.

  3. Verify that the Create radio button is selected, and click OK.

    The Create Role dialog opens.

  4. Enter values for the fields in the General group box. For this use case, enter the following:
    Name

    PurchasewithCredit

    Description

    Indicates that the customer will use credit to pay for their purchases.

  5. Enter an expression in the Membership Expression group box. For this use case, enter the following:
    Expression

    @IsUnderCreditLimit

    The role expression is the product of the two virtual user attribute expressions #Balance and #CreditLimit, which calculate whether or not the user has exceeded his credit limit.

  6. Click OK.

You have created a role called PurchasewithCredit, whose value is the combination of two named expressions.

Customize the Application with a Response

To provide a more personalized experience for the customer, the retail clothing company can configure a response that lets customers who are over their credit limit apply for increased credit. If a customer has exceeded their credit limit, this response will redirect them to a credit application where they can apply for a higher credit limit.

To create a response

  1. Click on the Response tab.
  2. Click Create Response.

    The Create Response dialog opens.

  3. Complete the field as follows:
    Name

    CreditNotice

    Description

    Alerts users they have exceeded credit limit.

  4. Click Create Response Attribute.

    The Create Response Attribute dialog opens.

  5. Complete the fields and settings as follows:
    Attribute

    WebAgent-OnReject-Redirect

    Attribute Kind

    Static

    Attribute Fields—Variable Value

    http://catalog.retailcorp.com/credit_notice.jsp

    Note: Complete descriptions of response attributes exist in the Web Agent Configuration Guide.

  6. Keep the defaults for all the other fields.
  7. Click OK.

The response named CreditNotice has been created and will be sent to customers who exceed their credit limit.

Configure the Security Policy for the Shopping Application

After you have defined the resource, role, and response, configure the policy that secures the Web-based shopping application.

Follow these steps:

  1. Click the Policies tab.

    The Policies dialog opens and displays a table listing the Checkout resource and the PurchaseWithCredit role displayed.

  2. Select the PurchaseWithCredit role for the Checkout resource.

    This pairing establishes a policy that lets all customers make a purchase with the store's credit card, if they have not exceeded their credit limit. Additionally, by checking the role the Responses grid becomes populated.

  3. Select the CreditNotice response for the Checkout resource.

You now have a security policies for the online catalog application based on roles that define a spending limit. Additionally, a response is associated with the policy and will be sent to those customers who continue to make purchases after exceeding their limit.

Provide Metadata to Describe the Application

The retail clothing company wants to ensure that there is some descriptive information about the online catalog application. Custom attributes can be used to provide metadata that describes the application.

The retail clothing company wants to note that the application is only for the online catalog and the email address of the administrator of this application.

To specify metadata for the online catalog application:

  1. Click the Custom Attributes tab.

    The Custom Attributes dialog opens.

  2. Click Create.

    A table appears with Name and Value fields.

  3. Enter values for the fields in the custom attributes table. For this use case, enter the following:
    Name

    App_Function

    Value

    online_retail

  4. Click Create to add another row to the table then enter the following:
    Name

    Admin_email

    Value

    jdoe@retailcorp.com

  5. Click Submit.

You have completed all the available tasks related to creating an application security policy.