Deny access based on a set of conditions

A common policy scenario is to deny access based on a set of conditions.

Use the steps in this scenario task to create a policy that denies access if any of the following conditions are true.

Steps

  1. Log in to the local management interface.

  2. Click AAC.

  3. Under Policy, click Access Control.

  4. In the center panel, click Add policy.

  5. Enter a name for the policy.

  6. In the Rules section, set the Precedence property to Deny. As a result, access is denied if any rule returns deny.

  7. Click Add Rule.

  8. Select riskScore from the attribute list.

  9. Select > as the operator.

  10. Type 40 as the value.

  11. In the Decision list, select Deny.

  12. Click OK to complete the rule.

  13. Click Add Rule to add another rule.

  14. Select ipReputation from the attribute list.

  15. Select has member as the operator.

  16. Type Malware as the value.

  17. In the Decision list, select Deny.

  18. Click OK to complete the rule.

  19. Click the arrow next to Add Rule.

  20. Click Unconditional rule.

  21. In the Decision list, select Permit. The unconditional Permit rule causes the policy to permit access if none of the deny access rules evaluate to true.

  22. Click OK.
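The policy built in these steps can be modeled in a few lines to check how it decides at the boundaries. This is an added example, not code from the product or its documentation: the rule tuples, function names and sample request contexts are constructed, and it assumes both attributes are present in the request.

```python
# Simplified model of the policy built in the steps above; this is
# not the appliance's policy engine.
import operator

OPERATORS = {
    ">": operator.gt,
    # "has member": the attribute is multi-valued and contains the value
    "has member": lambda attr, value: value in attr,
}

# (attribute, operator, value, decision); attribute None = unconditional rule
POLICY_RULES = [
    ("riskScore", ">", 40, "Deny"),
    ("ipReputation", "has member", "Malware", "Deny"),
    (None, None, None, "Permit"),
]

def rule_decisions(rules, ctx):
    """Return the decision of every rule whose condition holds for ctx."""
    decisions = []
    for attr, op, value, decision in rules:
        if attr is None or OPERATORS[op](ctx[attr], value):
            decisions.append(decision)
    return decisions

def evaluate(rules, ctx, precedence="Deny"):
    """Combine rule decisions: the precedence decision wins if any rule returns it."""
    decisions = rule_decisions(rules, ctx)
    if precedence in decisions:
        return precedence
    return decisions[0] if decisions else None

# Constructed request contexts (sample values, not from the product)
SAMPLES = {
    "low risk, clean IP": {"riskScore": 10, "ipReputation": []},
    "boundary score 40": {"riskScore": 40, "ipReputation": []},
    "score above 40": {"riskScore": 41, "ipReputation": []},
    "low risk, malware IP": {"riskScore": 5, "ipReputation": ["Botnet", "Malware"]},
}

if __name__ == "__main__":
    for name, ctx in SAMPLES.items():
        print(f"{name}: {evaluate(POLICY_RULES, ctx)}")
```

A riskScore of exactly 40 is permitted because the rule uses >, so the threshold value itself does not trigger the deny.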

This scenario uses the following settings in the policy editor.
