Using global rules, Using global rules -39 – HP Identity Driven Manager Software Series User Manual
Page 93
3-39
Using Identity Driven Manager
Configuring User Access
Using Global Rules
Global Rules can be used to provide an "exception process" to the normal
processing of access rules via Access Policy Groups. IDM will check for Global
Rules and apply them to the designated users before processing any access
rules found in Access Policy Groups. For example, you can use a Global Rule
to deny access to the network during a specific time period, such as a site
shutdown or during periods when network maintenance is being done.
Global Rules are typically used to apply to all users in a realm. They can also
be defined to apply to a single user or access policy group. Global Rules should
not take the place of existing rules defined within the Access Policy Groups;
they are intended for special use cases.
To display global rules, click on the
Realm
in the IDM navigation tree, then
click the
Global Rules
tab in the Realm display.
The
Global Rules
tab provides the following information for defined global
rules:
Target
User(s) or access policy group to which the rule applies
Location
Location where the rule is used
Time
Time that the rule is used
System
System where the rule is used
Endpoint
Integrity
Indicates the endpoint integrity status used by the rule.
This appears only if the Endpoint Integrity option is set in IDM
(Global) Preferences.
Access Profile Access profile governing user permissions during the session