Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 77

Condition Extension: (Conditional) If you have loaded and configured an authorization
condition extension, this option specifies a condition that is evaluated by an outside
source. This outside source returns either True or False. See the documentation that came
with the extension for information about what is evaluated.
Data Extension: (Conditional) If you have loaded and configured an authorization data
extension, this option specifies the value that the extension retrieves. You can then select
to compare this value with an LDAP attribute, a Liberty User Profile attribute, a Data
Entry Field, or another Data Extension. For more information, see the documentation that
came with the extension.
6 To add multiple conditions to the same rule, either add a condition to the same condition group
or create a new condition group. For information on how conditions and condition groups
interact with each other, see
7 In the Actions section, select one of the following:
Permit: Allows the user to access the resource.
Redirect: Specify the URL to which you want users redirected when they meet the
conditions of this policy.
Deny: Select one of the following deny actions:
Display Default Deny Page: Displays a generic message, indicating that the user has
insufficient rights to access the resource.
Deny Message: Allows you to provide a customized message that is displayed to users
who are denied access.
Redirect to URL: Allows you to specify a URL that users are redirected to when they are
denied access. For example:
http://www.novell.com
Action Extension (Permit): Select an action from the list of permit extensions. This
action permits access to the resource and performs the additional action that the extension
is designed to perform. If an action extension is not available, see
Policy Extensions," on page 17
extensions.
Action Extension (Deny): Select an action from the list of deny extensions. This action
denies access to the resource and performs the additional action that the extension is
designed to perform. If a deny extension is not available, see
Extensions," on page 17
extensions.
8 (Conditional) If you have installed an action obligation extension, you can click New in the
Actions section, and select the action. This causes the extension to perform whatever action it is
designed to perform whenever a user matches the conditions of this rule. This type of action is
usually always configured in addition to a permit or deny action. If the obligation option is not
available, see Section 1.6, "Adding Policy Extensions," on page 17
uploading, configuring, and importing extensions.
9 To save the rule, click OK.
10 To add another rule, click New or to save the policy, click OK, then click Apply Changes.
11 Assign the policy to a protected resource (see
Protected Resource" in the
Section 3.1.4, "Using Multiple Conditions," on page
for information on uploading, configuring, and importing
for information on uploading, configuring, and importing
"Assigning an Authorization Policy to a
Novell Access Manager 3.1 SP2 Access Gateway
67.
Section 1.6, "Adding
Section 1.6, "Adding Policy
for information on
Guide).
Creating Authorization Policies 77