Previous Topic: Identify the Application that Needs ProtectingNext Topic: Create Employee and Manager Roles

Policy Server GuidesPolicy Server Configuration GuideEnterprise Policy ManagementUse Cases for Defining Application Security Policies Using Application ObjectsApplication Security Policies Based on RolesCreate an Attribute Mapping for Group Membership

Create an Attribute Mapping for Group Membership

To indicate that a subset of the employees at Acme-Financial are Managers, create an attribute mapping that maps to the Managers group membership.

Note: The name of the LDAP user directory for this use case AcmeLDAP.

To create an attribute mapping for group membership:

  1. Click Infrastructure, Directory, User Directory, Modify Directory.
  2. Select the directory you want to modify.

    The Modify AcmeLDAP dialog opens.

  3. Click Create in the Attribute Mapping List.

    The Create Attribute Mapping dialog opens.

  4. Complete the fields in the General group box as follows:
    Name

    IsManager

    Description

    Defines the Managers group.

  5. Select the Group radio button in the Properties group box, the enter the following:
    Definition

    cn=managers,ou=Groups,o=acme-financial.com

    The value in the Definition field reflects how the group is defined in the user directory, as indicated in the use case introduction.

  6. Click OK.

    You return to the user directory dialog.

  7. Click Submit to submit the changes.

You have now defined an attribute called IsManagers for the group cn=managers,ou=Groups,o=acme-financial.com.

Designate the Application Resources

After specifying the sub-areas of the main application that you want to protect, you can then designate the specific resources within that subdirectory that you want to protect with an application policy.

For this use case, there are two resources to protect:

To specify the specific resources or functions of the main application

  1. Click the Resources tab.
  2. Click Create.

    The Resource pane opens.

  3. Enter values for the fields in the General group box. For this use case, enter the following:
    Name

    Benefits Management

    Description

    Lets employees manage their benefits

  4. Enter values for the fields in the Attributes group box. For this use case, enter the following:
    Resource

    managebenefits.jsp

  5. Repeat steps 2–4, but enter the following information:
    Name

    Performance Appraisals

    Description

    Lets a manager write an appraisal report and salary review for an employee

    Resource

    salaryincrease.jsp

Note: Click Help for descriptions of settings and controls, including their respective requirements and limits.

The resources associated with the performance management application are now defined.