Policy Managers Guide


Introduction

Document Scope and Audience

Guide to this Document

Related Documentation

Contact Us!

Security Policies Overview

What is an AquaLogic Enterprise Security Policy?

Closed-world Security Environment

Policy Components

Resources

Virtual Resources

Resource Attributes

Privilege Groups

Privileges

Identities

Identity Attributes

Groups

Users

Roles

Policies

Role Mapping Policies

Authorization Policies

Delegation Policies

Summary of Policy Differences

Declarations

Constants

Enumerated Types

Attributes

Evaluation Functions

Writing Policies

Policy Implementation: Main Steps

Access Decision Process

Authentication Service

Role Mapping Service

Authorization Service

Credential Mapping Service

Authorization and Role Mapping Engine

Using the Administration Console to Write Policies

Administration Console Overview

Defining Resources

Virtual Resources

Resource Attributes

Privileges

Privilege Groups

Defining Identities

Identity Attributes

Groups

Users

Roles

Metadirectory

Writing Authorization and Role Mapping Policies

Role Mapping Policies

Authorization Policies

Role Mapping Policy Reports

Authorization Policy Reports

Defining Declarations

Binding Policies

Deploying Policies

Advanced Topics

Designing More Advanced Policies

Multiple Components

Policy Constraints

Comparison Operators

Regular Expressions

Constraint Sets

String Comparisons

Boolean Operators

Associativity and Precedence

Grouping with Parentheses

Boolean Operators and Constraint Sets

Declarations

Constant Declarations

Simple Constant

Constants List

Enumerated Type Declarations

Pre-Defined, Built-In Enumerated Types

User-Defined Types

Attribute Declarations

Resource Attributes

Identity Attributes

Static Attributes

Dynamic Attributes

Time and Date Attributes

Request Attributes

Evaluation Function Declarations

Authorization Caching Expiration Functions

Policy Inheritance

Group Inheritance

Direct and Indirect Group Membership

Restricting Policy Inheritance

Resource Attribute Inheritance

WebLogic Resource Type Conversions and Resource Trees

Understanding Resource Nodes

Root Node

Application Deployment Parent Node

Application Node

Resource Type Node

Resource Parent Node

Resource Node

Resource Paths and Policies for Common Resources

EJB Resources

EJB Resource Path Example

EJB Resource Privilege Mappings

EJB Resource Dynamic Resource Attributes

JNDI Resources

JNDI Resource Path Example

JNDI Resource Privilege Mappings

JNDI Dynamic Resource Attributes

JNDI Resource Policy Examples

URL Resources

URL Resource Path Example

URL Resource Privilege Mappings

URL Dynamic Resource Attributes

HTTP Request Context Elements

Servlet Attributes

URL Query Strings

HTTP Request Headers

Cookies

URL Resource Policy Examples

JDBC Resources

JDBC Resource Path Example

JDBC Resource Privilege Mappings

JDBC Resource Path Example

JDBC Dynamic Resource Attributes

JDBC Resource Policy Examples

JMS Resources

JMS Resource Path Example

JMS Resource Privilege Mappings

JMS Resource Example

JMS Dynamic Resource Attributes

JMS Resource Policy Examples

Web Services Resources

Web Services Resource Path Example

Web Services Resource Privilege Mappings

Web Services Resource Policy Examples

Web Services Dynamic Resource Attributes

Web Services Resource Policy Examples

Server Resources

Server Resource Path Example

Server Resource Privileges Mapping

Server Dynamic Resource Attributes

Server Resource Policy Examples

Subject Mapping

Policy Element Naming

Fully Qualified Names

Policy Element Qualifiers

Size Restriction on Policy Data

Character Restrictions in Policy Data

Data Normalization

Directory Names

Logical Name

Declaration Names

Special Names and Abbreviations

Sample Policy Files

Application Bindings [binding]

Attribute [attr]

Declarations [dec]

Directories [dir]

Directory Attribute Schemas [schema]

Mutually Exclusive Subject Groups [excl]

Resources [object]

Resource Attributes [object]

Policy Distribution [distribution]

Policy Inquiry [piquery]

Policy Verification [pvquery]

Privileges [priv]

Privilege Bindings [privbinding]

Privilege Groups [privgrp]

Role [role]

Rule [rule]

Distribution Targets

Subject Group Membership [member]

Subjects [subject]

Using Response Attributes

report() Function

report_as() Function

Report Function Policy Language

Using Evaluation Plug-ins to Specify Response Attributes

Using queryResources and grantedResources

Resource Discovery

Importing and Exporting Policy Data

Importing Policy Data

Policy Import Tool

Configuring the Policy Import Tool

Setting Configuration Parameters

Username and Password

Policy Import Parameters

Sample Configuration File

Running the Policy Import Tool

Understanding How the Policy Loader Works

Exporting Policy Data

Policy Export Tool

Before You Begin

Exporting Policy Data on Windows Platforms

Exporting Policy Data on UNIX Platforms

What's Next

