Skip navigation.

eDocs Home > BEA AquaLogic Enterprise Security 2.1 Documentation > Policy Managers Guide

Policy Managers Guide

   Previous Next vertical dots separating previous/next from contents/index/pdf Contents Index View as PDF   Get Adobe Reader

Policy Overview

What is an AquaLogic Enterprise Security Policy?

Policy Components

Resources

Virtual Resources

Resource Attributes

Privilege Groups

Privileges

Identities

Identity Attributes

Groups

Users

Roles

Policies

Role Mapping Policies

Authorization Policies

Delegation Policies

Summary of Policy Differences

Declarations

Constants

Enumerated Types

Attributes

Evaluation Functions

Writing Policies

Policy Implementation Tasks

Access Decision Process

Authentication Service

Role mapping Service

Authorization Service

Credential Mapping Service

Authorization and Role Mapping Engine

Using the Administration Console to Write Policies

Administration Console Overview

Defining Resources

Virtual Resources

Resource Attributes

Privileges

Privilege Groups

Defining Identities

Identity Attributes

Groups

Users

Roles

Metadirectory

Writing Authorization and Role Mapping Policies

Role Mapping Policies

Authorization Policies

Role Mapping Policy Reports

Authorization Policy Reports

Defining Declarations

Binding Policies

Deploying Policies

Advanced Topics

Designing More Advanced Policies

Multiple Components

Policy Constraints

Comparison Operators

Regular Expressions

Constraint Sets

String Comparisons

Boolean Operators

Associativity and Precedence

Grouping with Parentheses

Boolean Operators and Constraint Sets

Declarations

Constant Declarations

Enumerated Type Declarations

Attribute Declarations

Evaluation Function Declarations

Closed-world Security Environment

Policy Inheritance

Group Inheritance

Direct and Indirect Group Membership

Restricting Policy Inheritance

Resource Attribute Inheritance

WebLogic Resource Type Conversions and Resource Trees

Web Server Applications

Resource Format

Action Format

Application Context

Header Context Key (HEADERNAME)

Query Context Key (VARNAME)

Cookie Context Key (COOKIENAME)

Using Named Keys in the Web Application Policy

Web Application Context Handler

Retrieval of Response Attributes

Using Response Attributes

report() Function

report_as() Function

Report Function Policy Language

Using Evaluation Plug-ins to Specify Response Attributes

Using queryResources and grantedResources

Importing and Exporting Policy Data

Introduction

Creating Policy Data Files for Importing

Policy Element Naming

Fully Qualified Names

Policy Element Qualifiers

Size Restriction on Policy Data

Character Restrictions in Policy Data

Special Names and Abbreviations

Sample Policy Files

Application Bindings [binding]

Attribute [attr]

Declarations [dec]

Directories [dir]

Directory Attribute Schemas [schema]

Mutually Exclusive Subject Groups [excl]

Resources [object]

Resource Attributes [object]

Policy Distribution [distribution]

Policy Inquiry [piquery]

Policy Verification [pvquery]

Privileges [priv]

Privilege Bindings [privbinding]

Privilege Groups [privgrp]

Role [role]

Rule [rule]

Distribution Targets

Subject Group Membership [member]

Subjects [subject]

Resource Discovery

Subject Transformation

Resource Transformation

WebLogic Resource Transformation

Java API Resource Transformation

Action Transformation

Attribute Transformations

What's Next?

Importing Policy Data

Policy Import Tool

Configuring the Policy Import Tool

Setting Configuration Parameters

Sample Configuration File

Running the Policy Import Tool

Understanding How the Policy Loader Works

Exporting Policy Data

Policy Exporter Tool

Before You Begin

Exporting Policy Data on Windows Platforms

Exporting Policy Data on UNIX Platforms

What's Next

Upgrading an Administration Server to AquaLogic Enterprise Security 2.1

 

Skip footer navigation  Back to Top Previous Next