Contents for Policy Managers Guide
Policy Overview
What is an AquaLogic Enterprise Security Policy?
Policy Components
Resources
Resource Attributes
Privilege Groups
Privileges
Identities
Identity Attributes
Groups
Users
Roles
Policies
Role Mapping Policies
Authorization Policies
Delegation Policies
Summary of Policy Differences
Declarations
Constants
Enumerated Types
Attributes
Evaluation Functions
Writing Policies
Policy Implementation Tasks
Using the Administration Console to Write Policies
Administration Console Overview
Defining Resources
Resource Attributes
Privileges
Privilege Groups
Defining Identities
Identity Attributes
Groups
Users
Roles
Metadirectory
Writing Authorization and Role Mapping Policies
Role Mapping Policies
Authorization Policies
Role Mapping Policy Reports
Authorization Policy Reports
Defining Declarations
Binding Policies
Deploying Policies
Advanced Topics
Designing More Advanced Policies
Multiple Components
Policy Constraints
Comparison Operators
Regular Expressions
Constraint Sets
String Comparisons
Boolean Operators
Associativity and Precedence
Grouping with Parentheses
Boolean Operators and Constraint Sets
Declarations
Constant Declarations
Enumerated Type Declarations
Attribute Declarations
Evaluation Function Declarations
Closed-world Security Environment
Policy Inheritance
Group Inheritance
Direct and Indirect Group Membership
Restricting Policy Inheritance
Resource Attribute Inheritance
Writing Policy for Web Server Web Applications
Resource Format
Action Format
Application Context
Header Context Key (HEADERNAME)
Query Context Key (VARNAME)
Cookie Context Key (COOKIENAME)
Using Named Keys in the Web Application Policy
Web Application Context Handler
Retrieval of Response Attributes
Using Response Attributes
report() Function
report_as() Function
Report Function Policy Language
Using Evaluation Plug-ins to Specify Response Attributes
Using queryResources and grantedResources
Importing and Exporting Policy Data
Introduction
Creating Policy Data Files for Importing
Policy Element Naming
Fully Qualified Names
Policy Element Qualifiers
Size Restriction on Policy Data
Character Restrictions in Policy Data
Special Names and Abbreviations
Sample Policy Files
Application Bindings [binding]
Attribute [attr]
Declarations [dec]
Directories [dir]
Directory Attribute Schemas [schema]
Mutually Exclusive Subject Groups [excl]
Resources [object]
Resource Attributes [object]
Policy Distribution [distribution]
Policy Inquiry [piquery]
Policy Verification [pvquery]
Privileges [priv]
Privilege Bindings [privbinding]
Privilege Groups [privgrp]
Role [role]
Rule [rule]
Distribution Targets
Subject Group Membership [member]
Subjects [subject]
Resource Discovery
Subject Transformation
Resource Transformation
WebLogic Resource Transformation
Java API Resource Transformation
Action Transformation
Attribute Transformations
What's Next?
Importing Policy Data
Policy Import Tool
Configuring the Policy Import Tool
Setting Configuration Parameters
Sample Configuration File
Running the Policy Import Tool
Understanding How the Policy Loader Works
Exporting Policy Data
Policy Exporter Tool
Before You Begin
Exporting Policy Data on Windows Platforms
Exporting Policy Data on UNIX Platforms
What's Next
Upgrading an Administration Server to AquaLogic Enterprise Security 2.1