Each resource assigned to an Application Domain can be protected by only one authorization policy.
In an automatically generated Application Domain, the following authorization policies are seeded as defaults:
Protected Resource
Public Resource
After adding resource definitions to the Application Domain, Administrators can begin refining a default authorization policy, adding a new policy, and adding resources to authorization policies. This section provides the following topics:
Administrators can create an authorization policy to protect access to one or more resources based on attributes of an authenticated user or the environment. The authorization policy provides the sole authorization protection for resources included in the policy. Authorization policies are local, which means that each policy applies only to the resources specified for the policy. A policy cannot be derived or applied to any other resource.
A single policy can be defined to protect one or more resources in the Application Domain. However, each resource can be protected by only one authorization policy.
Figure 25-15 shows the Authorization Policy page within an Application Domain. The resources assigned to this policy are displayed on the Resources tab of the policy.
Figure 25-15 Sample Individual Authorization Policy Page
Table 25-10 describes authorization policy elements. The elements are the same regardless of the domain; only the details will differ.
Table 25-10 Authorization Policy Elements and Descriptions
Element | Description |
---|---|
Name |
A unique name used as an identifier in the navigation tree. |
Description |
Optional unique text that describes this authorization policy. |
Success URL |
The redirect URL to be used upon successful authorization. |
Failure URL |
The redirect URL to be used if authorization fails. |
Summary |
General information (usually Name and optional Description). |
Resources |
One or more previously-defined resource URLs to be protected by this authorization policy. |
Conditions |
See Also "Introduction to Authorization Policy Rules and Conditions". |
Rules |
See Also "Introduction to Authorization Policy Rules and Conditions". |
Responses |
See Also "Introduction to Policy Responses for SSO". |
Users with valid Administrator credentials can add an authorization policy to an Application Domain.
Prerequisites
Any resource to be added to a policy must be defined within the same Application Domain as the policy.
See Also:
To create an authorization policy and resources
Users with valid Administrator credentials can locate a specific authorization policy.
To search for an authorization policy
Users with valid Administrator credentials can view or modify an authorization policy within an Application Domain.
See Also:
To view or edit an authorization policy
Users with valid Administrator credentials can delete an authorization policy or simply delete resources within the policy.
Note:
During a Delete operation, you are alerted to confirm removal of the policy. Confirmation is required to complete the operation.
When you remove the entire policy, all resource definitions remain within the Application Domain. However, the authorization policy and the conditions and rules governing access are eliminated.
To simply alter an element in the policy see "Viewing or Editing an Authentication Policy".
See Also:
Prerequisites
Assign resources governed by this policy to another authorization policy, either before or after deleting the policy.
To delete an authorization policy