Changing access policy group assignments, Using global rules – HP Identity Driven Manager Software Series User Manual

Using Identity Driven Manager
Configuring User Access

Changing Access Policy Group Assignments

To re-assign users to a different APG:

1. Select the access policy group or domain from the IDM navigation tree, and then click the Users tab in the Access Policy Group or Domain window.

2. Select the users in the list, then click the Add Users to APG button in the toolbar to display the Select Access Policy Group window.

3. Select a different option from the Assign selected Users to Access Policy Group menu.

4. Click OK on the confirmation pop-up, then click OK on the Select Access Policy Group window to save your changes and close the window.

The new APG assignments are displayed in the Users list.

Note

Once users are registered to the default Guest Access Policy Group, they cannot be
moved to any other group.

Using Global Rules

Global Rules can be used to provide an “exception process” to the normal processing
of access rules via Access Policy Groups. IDM will check for Global Rules and apply
them to the designated users before processing any access rules found in Access
Policy Groups. For example, you can use a Global Rule to deny access to the network
during a specific time period, such as a site shutdown or during periods when network
maintenance is being done.

Global Rules are typically used to apply to all users in a domain. They can also be
defined to apply to a single user or access policy group. Global Rules should not take
the place of existing rules defined within the Access Policy Groups; they are intended
for special use cases.
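
The processing order described above can be checked with a small model. This is an added example, not code from the manual or from IDM: the rule fields, the first-match behavior among Global Rules, the single action per APG, and the deny default are all simplifying assumptions, and the users, domain and dates are constructed.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class User:
    name: str
    domain: str
    apg: str  # access policy group the user is assigned to

@dataclass(frozen=True)
class GlobalRule:
    scope: str       # "domain", "apg" or "user"
    target: str      # name of the domain, APG or user the rule covers
    start: datetime  # rule is active from start (inclusive)...
    end: datetime    # ...to end (exclusive)
    action: str      # "deny" or "permit"

    def applies(self, user: User, when: datetime) -> bool:
        subject = {"domain": user.domain, "apg": user.apg, "user": user.name}[self.scope]
        return subject == self.target and self.start <= when < self.end

def decide(user, when, global_rules, apg_rules):
    """Return (action, source). Global rules are checked before APG rules."""
    for rule in global_rules:          # assumption: first matching rule wins
        if rule.applies(user, when):
            return rule.action, "global"
    # Assumption: each APG is reduced to one action; unknown APGs are denied.
    return apg_rules.get(user.apg, "deny"), "apg"

# Constructed sample data (not taken from the manual).
APG_RULES = {"Staff": "permit", "Contractors": "permit"}
GLOBAL_RULES = [
    # Site shutdown: deny every user in the domain.
    GlobalRule("domain", "example.local", datetime(2024, 12, 24), datetime(2024, 12, 27), "deny"),
    # Special case for a single user during a maintenance night.
    GlobalRule("user", "bob", datetime(2025, 1, 10, 22), datetime(2025, 1, 11, 6), "deny"),
]
ALICE = User("alice", "example.local", "Staff")
BOB = User("bob", "example.local", "Contractors")

if __name__ == "__main__":
    for user, when in [(ALICE, datetime(2024, 12, 25, 9)), (ALICE, datetime(2025, 1, 10, 23)),
                       (BOB, datetime(2025, 1, 10, 23)), (BOB, datetime(2025, 1, 11, 9))]:
        print(user.name, when.isoformat(), *decide(user, when, GLOBAL_RULES, APG_RULES))
```

The "source" value in each result shows whether a Global Rule or the user's APG produced the decision, which is the detail to review when an exception rule is left in place after its intended window.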

To display global rules, select the Domain from the IDM navigation tree, then click
the Global Rules tab in the Domain display.