Contents for Policy Managers Guide

Introduction

Document Scope and Audience

Guide to this Document

Related Documentation

Contact Us!

Security Policies Overview

What is an AquaLogic Enterprise Security Policy?

Closed-World Security Environment

Policy Components

Resources

Virtual Resources

Resource Attributes

Action Groups

Actions

Identities

Identity Attributes

Groups

Users

Policies

Roles and Role Mapping Policies

Authorization Policies

Delegation

Summary of Policy Differences

Declarations

Constants

Attributes

Evaluation Functions

Writing Policies

Policy Implementation: Main Steps

Access Decision Process

Authentication Service

Role Mapping Service

Authorization Service

Credential Mapping Service

Authorization and Role Mapping Engine

Using the Entitlements Administration Application to Write Policies

Entitlements Administration Application Overview

Resources

Virtual Resources

Resource Attributes

Actions and Action Groups

Identities

Groups

Users

Identity Attributes

Roles

Writing Role Mapping Policies and Authorization Policies

Role Mapping Policies

Authorization Policies

Policy Reports

Role Mapping Policy Reports

Authorization Policy Reports

Defining Declarations

Binding Policies

Deployment

Distributing SSM Configurations

Distributing Policies

Advanced Topics

Designing More Advanced Policies

Multiple Components

Policy Constraints

Comparison Operators

Regular Expressions

Backslash (\)

Period (.)

Brackets ([])

Dash (-)

Caret (^)

Parentheses (( )) and OR character ( | )

Asterisk (*)

Plus (+)

Question Mark (?)

Others

Constraint Sets

String Comparisons

Boolean Operators

Associativity and Precedence

Grouping with Parentheses

Boolean Operators and Constraint Sets

Declarations

Constant Declarations

Simple Constant

Constants List

Attribute Declarations

Resource Attributes

Identity Attributes

Static Attributes

Dynamic Attributes

Time and Date Attributes

Request Attributes

Evaluation Function Declarations

Authorization Caching Expiration Functions

Policy Inheritance

Group Inheritance

Direct and Indirect Group Membership

Restricting Policy Inheritance

Resource Attribute Inheritance

WebLogic Resource Type Conversions and Resource Trees

Understanding Resource Nodes

Root Node

Application Deployment Parent Node

Application Node

Resource Type Node

Resource Parent Node

Resource Node

Resource Paths and Policies for Common Resources

EJB Resources

EJB Resource Path Example

EJB Resource action Mappings

EJB Resource Dynamic Resource Attributes

JNDI Resources

JNDI Resource Path Example

JNDI Resource Action Mappings

JNDI Dynamic Resource Attributes

JNDI Resource Policy Examples

URL Resources

URL Resource Path Example

URL Resource Action Mappings

URL Dynamic Resource Attributes

HTTP Request Context Elements

Servlet Attributes

URL Query Strings

HTTP Request Headers

Cookies

URL Resource Policy Examples

JDBC Resources

JDBC Resource Path Example

JDBC Resource Action Mappings

JDBC Resource Path Example

JDBC Dynamic Resource Attributes

JDBC Resource Policy Examples

JMS Resources

JMS Resource Path Example

JMS Resource Action Mappings

JMS Resource Example

JMS Dynamic Resource Attributes

JMS Resource Policy Examples

Web Services Resources

Web Services Resource Path Example

Web Services Resource Action Mappings

Web Services Resource Policy Examples

Web Services Dynamic Resource Attributes

Web Services Resource Policy Examples

Server Resources

Server Resource Path Example

Server Resource Actions Mapping

Server Dynamic Resource Attributes

Server Resource Policy Examples

Subject Mapping

Policy Element Naming

Fully Qualified Names

Policy Element Qualifiers

Size Restriction on Policy Data

Character Restrictions in Policy Data

Data Normalization

Directory Names

Logical Name

Declaration Names

Special Names and Abbreviations

Sample Policy Files

Application Bindings [binding]

Attribute [attr]

Declarations [dec]

Directories [dir]

Directory Attribute Schemas [schema]

Mutually Exclusive Subject Groups [excl]

Resources [object]

Resource Attributes [object]

Policy Distribution [distribution]

Policy Inquiry [piquery]

Policy Verification [pvquery]

Actions [priv]

Action Bindings [privbinding]

Action Groups [privgrp]

Role [role]

Rule [rule]

Distribution Targets

Subject Group Membership [member]

Subjects [subject]

Using Response Attributes

report() Function

report_as() Function

Report Function Policy Language

Using Evaluation Plug-ins to Specify Response Attributes

Using queryResources and grantedResources

Resource Discovery

Enable Discovery Mode

Run in Discovery Mode

Import the Policy

Importing and Exporting Policy Data

Importing Policy Data

Policy Import Tool

Configuring the Policy Import Tool

Setting Configuration Parameters

Username and Password

Policy Import Parameters

Sample Configuration File

Running the Policy Import Tool

Understanding How the Policy Loader Works

Exporting Policy Data

Policy Export Tool

Before You Begin

Exporting Policy Data on Windows Platforms

Exporting Policy Data on UNIX Platforms

What’s Next

Authorization Caching

Authorization Cache Operation

Configuring Authorization Caching

Authorization Caching Expiration Functions