Novell ACCESS MANAGER 3.1 SP2 - POLICY GUIDE 2010 Manual page 79

Mode: Select Case Insensitive.
Value: Select Data Entry Field. In the text box, type the following value:
ou=sales,o=acme
Result on Condition Error: Select True.
4 In the Actions section, select Deny.
Your policy should look similar to the following:
This sets up the condition so that the following occurs:
When the user does not belong to the sales department, the user is denied access.
When the user belongs to the sales department, the user is granted access.
When an error occurs evaluating the conditions in the rule, the user is denied access.
5 Assign the policy to the protected Web resources of the sales department (see
Authorization Policy to a Protected
Gateway Guide).
6 Repeat these steps for the other two departments, changing the Value field to match the
appropriate department.
Role Policies with Authorization Policies
Because of the company's organization, you need to create three role policies, one for the sales
users, one for the development users, and one for the human resource users. You can then use these
roles as conditions in authorization policies to allow and deny access. The first time you use roles in
an authorization policy, there is extra setup because you must create the role policies. However, after
the role policies are created, you can use them in multiple authorization policies.
The following instructions explain how to use the Sales role to create a policy that controls access to
a protected resource. For instructions on how to create the Sales role, see
the Location of the User Objects" on page
Resource" in the Novell Access Manager 3.1 SP2 Access
56.
"Assigning an
"Creating a Role by Using
Creating Authorization Policies 79