Using Global Rules - HP J4813A User Manual

Using Global Rules

Global Rules can be used to provide an "exception process" to the normal
processing of access rules via Access Policy Groups. IDM will check for Global
Rules and apply them to the designated users before processing any access
rules found in Access Policy Groups. For example, you can use a Global Rule
to deny access to the network during a specific time period, such as a site
shutdown or during periods when network maintenance is being done.
Global Rules are typically used to apply to all users in a realm. They can also
be defined to apply to a single user or access policy group. Global Rules should
not take the place of existing rules defined within the Access Policy Groups;
they are intended for special use cases.
To display global rules, click on the
Global Rules
click the tab in the Realm display.
Global Rules
The tab provides the following information for defined global
rules:
Target User(s) or access policy group to which the rule applies
Location Location where the rule is used
Time Time that the rule is used
System System where the rule is used
Endpoint Indicates the endpoint integrity status used by the rule.
Integrity This appears only if the Endpoint Integrity option is set in IDM
(Global) Preferences.
Access Profile Access profile governing user permissions during the session
Using Identity Driven Manager
Configuring User Access
Realm
in the IDM navigation tree, then
3-39