Creating Rules and Policies  
 
 

Within a security context, you establish rules that protect specific resources. For example, you might create a rule to limit write access to files at a specific pathname. A rule determines what action can be performed on a resource.

Once you've defined access rules, you define a security policy that matches rules to users and groups. You grant access to a protected resource by adding both rules and users to a policy. The users and user groups you add to a policy (you can think of them as policy holders) are authorized to use the resources protected by the security context rules that are assigned to that policy.

In other words, a rule is a key to a door that guards access to a resource. When you create a rule, it means the key needed to open the door to this resource is available. Who will get this key is decided when you create a policy that includes this rule.
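The key-and-door model above, written out as an added example (not Allaire code or a ColdFusion API). The class names, resource-type labels, action names, sample users and the `no-rule` outcome are assumptions made for illustration; the rule and policy names follow the naming examples used on this page.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:                      # the "key": names one action on one resource
    name: str                    # user-defined logical name
    resource_type: str           # constructed labels: "Tag", "DataSource", "File"
    resource: str
    action: str                  # constructed labels: "execute", "all", "write"

@dataclass
class Policy:                    # decides who holds which keys
    name: str
    rules: set = field(default_factory=set)    # rule names assigned to the policy
    users: set = field(default_factory=set)
    groups: set = field(default_factory=set)

    def holds(self, user, user_groups):
        return user in self.users or bool(self.groups & set(user_groups))

@dataclass
class SecurityContext:
    rules: dict = field(default_factory=dict)      # rule name -> Rule
    policies: list = field(default_factory=list)

    def decide(self, user, user_groups, resource_type, resource, action):
        wanted = (resource_type, resource, action)
        keys = {r.name for r in self.rules.values()
                if (r.resource_type, r.resource, r.action) == wanted}
        if not keys:
            return "no-rule"     # nothing in this context protects the resource
        for policy in self.policies:
            if policy.rules & keys and policy.holds(user, user_groups):
                return "granted"
        return "denied"          # a rule exists, but this user holds no policy with it

    def unassigned_rules(self):
        # Rules no policy includes: keys that were cut but handed to nobody.
        used = set().union(*(p.rules for p in self.policies))
        return sorted(set(self.rules) - used)

def build_sample():
    # Constructed sample data for the example.
    ctx = SecurityContext()
    for r in (Rule("CFQUERY", "Tag", "CFQUERY", "execute"),
              Rule("OrdersDB_All", "DataSource", "OrdersDB", "all"),
              Rule("ReportsDir_Write", "File", "/reports", "write")):
        ctx.rules[r.name] = r
    ctx.policies.append(Policy("Platinum", rules={"CFQUERY", "OrdersDB_All"},
                               users={"alice"}, groups={"dba"}))
    return ctx
```

Calling `unassigned_rules()` while reviewing a context shows rules that were created but never added to a policy, which in this model means no user is authorized for the resource they protect.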

 
 
  To establish rules about access to resources:  
 
  1. From the Advanced Server Security page, click Security Contexts.
  2. On the Registered Security Contexts page, select an existing security context. The Edit Security Context page appears.
  3. Click the Rules button.
  4. In the Resource Rules page for the current context, provide a rule name.

    Rule names are user-defined logical names. Make the rule name easy to remember and to associate with the resource it protects. For example, if you're writing a rule to protect the CFQUERY tag, you might name the rule CFQUERY. If you're writing a rule to protect all access to a particular data source, you might name it DatasourceName_All.

  5. In the Resource Type drop-down menu, select a resource type that you want to protect. Click Add.
  6. In the New Resource Rule window, describe how the rule works and click Add.
 
 
  Note: In the Resource Rules page, you might also create additional rules for this security context, for example, to restrict updating of data sources.

 
 
  To create policies that match rules with user groups:  
 
  1. From the Advanced Server Security page of the Administrator, click the Security Contexts button.
  2. On the Registered Security Contexts page, click on a security context.
  3. In the Edit Security Context page, click the Policies button.
  4. Provide a policy name and click Add.

    For example, you could create a top-level security policy, called Platinum, to grant certain users broad access to protected resources.

  5. Write a description of the policy and click Add.

    The Resource Policies window appears, showing the available policies for the current security context. You can now assign rules and users to a policy.



 
 
 
 

allaire     AllaireDoc@allaire.com
    Copyright © 1998, Allaire Corporation. All rights reserved.