Follow the instructions below to create an XACML policy.1.
- Sign in. Enter your user name and password to log on to the Management Console.
...
- Click the "Main" button to access the "Entitlement" menu.
...
- From the "Main" menu, select "Administration" under "Entitlement."
...
- Click on the "Add New Entitlement Policy" link to access the "Create Entitlement Policy" page.
- The Add New Policy page appears. Select the policy creation method you wish to use.
- On the "Create
...
- XACML Policy" page, specify the required settings:
Simple Policy Editor
Panel - Entitlement Policy Name - Specify the name of the policy. This field is mandatory.
- Entitlement Policy Description - Enter a description of the policy.
- This policy is based on - Select one of Resource, Subject, Environment and Action from the dropdown.
- Resource which is equals to - Enter a value here.
- Add Child Resource-
- Fill out the name of the child resource.
- Select either the age email, role or UserName from the dropdown.
- Enter the value for the field chosen above.
- Select either Time, Domain, DateTime or Date from the drop down.
- Enter the value for the field chosen above.
- Click the add button.
Basic Policy Editor
Panel - Entitlement Policy Name - Specify the name of the policy. This field is mandatory.
- Rule Combining Algorithm - Select a rule-combining algorithm from the drop-down menu. The following algorithms are available:
...
- Deny Overrides
- Permit
...
...
- Overrides
- First Applicable
- Deny Unless Permit
- Permit Unless Deny
- Specify the elements that the policy applies to:
- Resource Names - Specify the name of a resource.
- User
...
- Attribute - Specify a user
...
- attribute.
- Action Name - Specify an action name.
- Environment Name - Specify the environment name.
- Define Entitlement Rules:
- Rule Name - Specify the role name. This field is mandatory.
- Rule Effect - Select the rule effect: permit or deny.
- Resource Names - Specify the resource name.
- User Attribute - Specify a user attribute.
- Action Name - Specify
...
- the action name.
- Environment Name - Specify the environment name.
...
Use the drop-down menu to select the level of matching with the specifications in the text field:
- equals to
- at-least-one-matching-member-of
- at-least-one-matching-reg-ex-member-of
- matching reg-ex to
- a matching set of
- a matching reg-ex set of
| Info | ||
|---|---|---|
| ||
You can use the icons to select elements from storage. Click the appropriate icon to reach the "Advanced Search" page.
Select the required element and move it to the "Selected Attribute Values" box using the ">>" button.
|
...
Standard Policy Editor
Panel - Entitlement Policy Name - Specify the name of the policy. This field is mandatory.
- Rule Combining Algorithm - Select a rule-combining algorithm from the drop-down menu. The following algorithms are available:
- Deny Overrides
- Permit Overrides
- First Applicable
- Deny Unless Permit
- Permit Unless Deny
- Entitlement Policy Description - Enter a description of the policy.
- Specify the element that the policy applies to and its corresponding value. Choose one of the following elements from the dropdown:
- Resource Names
- User Attribute
- Action Name
- Environment Name
- Define Entitlement Rules:
- Rule Name - Specify the role name. This field is mandatory.
- Rule Effect - Select the rule effect: permit or deny.
...
- Specify the
...
Use the drop-down menu to select the level of matching with the specifications in the text field:
- equals to
- in
- at-least-one-member-of
- a sub set of
- matching reg-ex to
- a matching set of
| Info | ||
|---|---|---|
| ||
You can use the icons to select elements from storage. Click the appropriate icon to reach the "Advanced Search" page.
Select the required element and move it to the "Selected Attribute Values" box using the ">>" button.
|
8. Click on the "Add" button.
9. A new role is displayed in the pane below.
From here, you can edit and delete the role.
10. Once all settings are specified, click on the "Finish" button.
...
- element that the policy applies to and its corresponding value. Choose one of the following elements from the dropdown:
- Resource Names
- User Attribute
- Action Name
- Environment Name
- element that the policy applies to and its corresponding value. Choose one of the following elements from the dropdown:
- Define Policy Obligation or Advice
Policy Set Editor
Panel - Policy Set Name - Specify the name of the policy set. This field is mandatory.
- Policy Combining Algorithm - Select a policy-combining algorithm from the drop-down menu. The following algorithms are available:
- Ordered Permit Overrides
- Deny Overrides
- Permit Overrides
- First Applicable
- Deny Unless Permit
- Only One Applicable
- Ordered Deny Overrides
- Permit Unless Deny
- Policy Set Description - Enter a description of the policy set.
- Specify the element that the policy applies to and its corresponding value. Choose one of the following elements from the dropdown:
- Resource Names
- User Attribute
- Action Name
- Environment Name
- Define Policy Obligation or Advice - Add an obligation or advice and either permit or deny an attribute pertaining to it.
- Define Policy References - Use the search to identify references.
Import Existing Policy
Panel Click Choose File and browse to the location of the policy in your local machine.
Write Policy in XML
Panel Create your own policy in XML.
- Click Finish/Upload depending on the option you chose to create your policy.
| Excerpt | ||
|---|---|---|
| ||
Instructions on how to create an XACML Policy. |