Working With Policies

From the Policies menu you can begin creating your first Policy. Each Policy may optionally have one or more Child Policy. This section discusses how to create, rename, or delete policies.

Add Policy

A Policy is represented by a name. The Policy name is used when client applications request evaluation for that Policy and must be unique to that Policy level to disambiguate referencing the Policy by name.

Select Add Policy from the top level Policies listing, and enter the name of the Policy.

../_images/ui-addpolicylink.png ../_images/ui-addpolicy.png

The new Policy will be shown in the Policies list.

../_images/ui-policylist.png

Rename Policy

If you want to rename the Policy you can do so from the list by selecting the Edit icon (the pencil).

../_images/ui-renamepolicy.png

After updating the name, press the Enter key or select the check mark icon. If you decide not to rename, select the Cancel (X) icon to cancel editing.

Delete Policy

If you want to delete a Policy from the system, select the Delete (garbage can) icon. You will be prompted to confirm before the action is taken.

../_images/ui-deletepolicyconfirm.png

Warning

This is a non-recoverable action that will remove all settings for the policy including any child Policies, Permissions, Roles, user assignments to roles.

Policy Tree

The Policy Tree shows a policy’s roles and role assignments, and child policies, making it possible to view the overall structure in one place.

To view the Policy Tree for a specific policy, select the view Policy Tree icon from the policy listing.

../_images/ui-policytreebtn.png

When you click on the Policy Tree icon, you will be redirected to a page showing the first level policy details.

../_images/ui-policytree.png

Warning

If an individual level has a large number of child roles, role assignments or policies, it may slow the loading time for that level.

Tree Navigation

Selecting a Policy node will expand the node to show roles and child policies. To view role assignments, select the role to expand the tree and the assignments will be listed.

../_images/ui-policytree-roleassignments.png

You can edit assignments by selecting the Edit Role Assignment icon beneath the role. This will redirect you to the Role Management page for this policy.

../_images/ui-policytree-editroleassignments.png ../_images/ui-policytree-managerole.png

Policy Tree Filter

You can filter the subject or role assignment shown in the Policy Tree by typing the subject or role identifiers in the search box.

Note

These filters are case-sensitive as both subjectId and role name value are case-sensitive when compared with the values in a JSON Web Token.

../_images/ui-policytreesearch.png

Add Child Policy

When you create a top level Policy, and select it from the policies listing, you will be able to create one or more Child Policy. From the Manage Policy page under Child Policies you can select the Add Policy link.

../_images/ui-nochildpolicies.png

On the Add Policy page you will see the breadcrumb shows the new policy being created in the path of the policy you were managing.

../_images/ui-addchildpolicy.png

After adding the new Child Policy you will see it in the Child Policies listing.

../_images/ui-childpolicylist.png

Rename Child Policy

As with top level policies, you will be able to rename the Child Policy by selecting the edit icon.

Delete Child Policy

As with top level policies, you will be able to delete the Child Policy by selecting the delete icon.

Warning

As with top level policies, deleting a Child Policy is a non-recoverable action that will remove all settings for the Child Policy including any additional child policies, permissions, roles, or user assignments to roles.

Child Policy Hierarchy

You may create one or more Child Policy beneath a given top level or Child Policy by selecting the desired parent policy to manage, and subsequently adding a new Child Policy to that policy level.

Policy hierarchy is also discussed in the PolicyServer Overview. More on Policies and Policy Hierarchy