Policy Managers Guide

Introduction

Document Scope and Audience

Guide to this Document

Related Documentation

Contact Us!

Security Policies Overview

What is an AquaLogic Enterprise Security Policy?

Closed-world Security Environment

Policy Components

Resources

Virtual Resources

Resource Attributes

Privilege Groups

Privileges

Identities

Identity Attributes

Groups

Users

Roles

Policies

Role Mapping Policies

Authorization Policies

Delegation Policies

Summary of Policy Differences

Declarations

Constants

Enumerated Types

Attributes

Evaluation Functions

Writing Policies

Policy Implementation: Main Steps

Access Decision Process

Authentication Service

Role Mapping Service

Authorization Service

Credential Mapping Service

Authorization and Role Mapping Engine

Using the Administration Console to Write Policies

Administration Console Overview

Defining Resources

Virtual Resources

Resource Attributes

Privileges

Privilege Groups

Defining Identities

Identity Attributes

Groups

Users

Roles

Writing Authorization and Role Mapping Policies

Role Mapping Policies

Authorization Policies

Role Mapping Policy Reports

Authorization Policy Reports

Defining Declarations

Binding Policies

Deploying Policies

Advanced Topics

Designing More Advanced Policies

Multiple Components

Policy Constraints

Comparison Operators

Regular Expressions

Constraint Sets

String Comparisons

Boolean Operators

Associativity and Precedence

Grouping with Parentheses

Boolean Operators and Constraint Sets

Declarations

Constant Declarations

Simple Constant

Constants List

Enumerated Type Declarations

Pre-Defined, Built-In Enumerated Types

User-Defined Types

Attribute Declarations

Resource Attributes

Identity Attributes

Static Attributes

Dynamic Attributes

Time and Date Attributes

Request Attributes

Evaluation Function Declarations

Authorization Caching Expiration Functions

Policy Inheritance

Group Inheritance

Direct and Indirect Group Membership

Restricting Policy Inheritance

Resource Attribute Inheritance

WebLogic Resource Type Conversions and Resource Trees

Understanding Resource Nodes

Root Node

Application Deployment Parent Node

Application Node

Resource Type Node

Resource Parent Node

Resource Node

Resource Paths and Policies for Common Resources

EJB Resources

EJB Resource Path Example

EJB Resource Privilege Mappings

EJB Resource Dynamic Resource Attributes

JNDI Resources

JNDI Resource Path Example

JNDI Resource Privilege Mappings

JNDI Dynamic Resource Attributes

JNDI Resource Policy Examples

URL Resources

URL Resource Path Example

URL Resource Privilege Mappings

URL Dynamic Resource Attributes

HTTP Request Context Elements

Servlet Attributes

URL Query Strings

HTTP Request Headers

Cookies

URL Resource Policy Examples

JDBC Resources

JDBC Resource Path Example

JDBC Resource Privilege Mappings

JDBC Resource Path Example

JDBC Dynamic Resource Attributes

JDBC Resource Policy Examples

JMS Resources

JMS Resource Path Example

JMS Resource Privilege Mappings

JMS Resource Example

JMS Dynamic Resource Attributes

JMS Resource Policy Examples

Web Services Resources

Web Services Resource Path Example

Web Services Resource Privilege Mappings

Web Services Resource Policy Examples

Web Services Dynamic Resource Attributes

Web Services Resource Policy Examples

Server Resources

Server Resource Path Example

Server Resource Privileges Mapping

Server Dynamic Resource Attributes

Server Resource Policy Examples

Subject Mapping

Policy Element Naming

Fully Qualified Names

Policy Element Qualifiers

Size Restriction on Policy Data

Character Restrictions in Policy Data

Data Normalization

Directory Names

Logical Name

Declaration Names

Special Names and Abbreviations

Sample Policy Files

Application Bindings [binding]

Attribute [attr]

Declarations [dec]

Directories [dir]

Directory Attribute Schemas [schema]

Mutually Exclusive Subject Groups [excl]

Resources [object]

Resource Attributes [object]

Policy Distribution [distribution]

Policy Inquiry [piquery]

Policy Verification [pvquery]

Privileges [priv]

Privilege Bindings [privbinding]

Privilege Groups [privgrp]

Role [role]

Rule [rule]

Distribution Targets

Subject Group Membership [member]

Subjects [subject]

Using Response Attributes

report() Function

report_as() Function

Report Function Policy Language

Using Evaluation Plug-ins to Specify Response Attributes

Using queryResources and grantedResources

Resource Discovery

Using the Entitlements Management Tool

What is the Entitlements Management Tool?

Understanding the RBAC Model

ALES RBAC Model Concepts

Summary of Entitlements Management Tool Functions

Role Management Functions

Permission Management Functions

Separation of Duties Functions

Entitlements Reporting Functions

Setting Up the Entitlements Management Tool

Load the Entitlements Management Tool Policies

Deploy the Entitlements Management Tool Web Application

Deploying on WebLogic Server 9.x

Deploying on WebLogic Server 8.1

Deploying on Apache Tomcat

Configuring the RBAC Model in SSMs

Using the Entitlements Management Tool

Saving and Distributing Changes

Security for the Entitlements Management Tool

Working with Roles

Viewing Roles

Creating a New Role

Assigning Role Attributes

Modifying and Removing Roles

Working with Identities

Users Tab

Groups Tab

Attributes Tab

Working with Permissions and Permission Sets

Viewing Permission Sets

Creating a New Permission Set

Modifying the Permission Set Hierarchy

Assigning Permission Attributes

Separation of Duties Constraints

Generating Reports

Extending the Entitlements Management Tool

Why Might You Want to Extend the UI?

Managing a Subscription Model: Step 1

Managing a Subscription Model: Step 2

Managing a Subscription Model: Step 3

Managing a Subscription Model: Step 4

Managing a Subscription Model: Step 5

Components of the Entitlements Management Tool

Entitlements UI Application Objects

Entitlements UI Beans Package

Entitlements UI RBAC Package

Utils Package

Persistence Package

Extending the Entitlements Management Tool: Main Steps

Un-jar Entitlements Management Tool Web Archive File

Create a metaobject_mappings.properties Configuration File Under WEB-INF/config

Create Custom Implementation Node to Extend EUIMetaObjectNode

Create Custom JSPs

Modify Existing Navigation and Main JSP Files

Modifying main.jsp

Modify the JSF Configuration File

Re-jar Entitlements Management Tool Web Archive

Redeploy Entitlements Management Tool Web Archive on Admin Server

Using Custom Data for Access Control

Using an Attribute Retriever to Get a Custom Data Value

Using an Evaluation Function

Clone and Move Operation for Custom Node

Debugging Techniques and Problem Isolation

Example of Extending the Entitlement UI

Follow the Instructions in the Readme

Importing and Exporting Policy Data

Importing Policy Data

Policy Import Tool

Configuring the Policy Import Tool

Setting Configuration Parameters

Username and Password

Policy Import Parameters

Sample Configuration File

Running the Policy Import Tool

Understanding How the Policy Loader Works

Exporting Policy Data

Policy Export Tool

Before You Begin

Exporting Policy Data on Windows Platforms

Exporting Policy Data on UNIX Platforms

What's Next

