Access control policies

An access control policy is a set of conditions that, after they have been evaluated, determine access decisions.

The conditions are a combination of attributes, obligations, authentication policies, and a risk profile. Before you author a policy, review the available attributes, obligations, authentication policies, and risk profiles in the local management interface to determine if they meet the needs of the policy.

• Manage attributes
• Manage obligations
• Manage authentication policies
• Manage risk profiles

For information, see Risk management overview.

When all of the attributes, obligations, and authentication policies are available and the risk profile to use is set active, use the policy editor to select the conditions for the policy.

• Manage access control policies
  An access control policy is a set of conditions that define Whether a user is permitted or denied access to a protected resource.
• Create an access control policy
  Use the Policy Editor on the appliance local management interface to create and configure an access control policy.
• Manage access control policy sets
  A policy set is a group of policies used together to protect a resource.
• Manage access control policy attachments
  Attach policies or API protection definitions to resources so the policies and definitions can be enforced.
• Policy scenarios
  Several commonly used policy scenarios are provided as examples to help you author policies.

Parent topic: Advanced Access Control administration