Manage access control policy sets

A policy set is a group of policies that are used together to protect a resource.

We must create access control policies. See Create an access control policy.

We can view, create, modify, or delete a policy set.

Steps

  1. Log in to the local management interface.

  2. Click AAC.

  3. Under Policy, click Access Control.

  4. Perform one or more of the following actions:

      Create a policy set

      1. Click Create policy set.

      2. Type a name for the policy set in the Name field. The name must begin with an alphabetic character. Do not use control characters, leading and trailing blanks, and the following special characters ~ ! @ # $ % ^ & * ( )  + | ` = \ ; :  " ' < > ? , [  ] { }/ anywhere in the name.

      3. Optionally, type a description in the Description field.

      4. In the Policy Combining Algorithm dialog, set the combined action for the policy set by choosing one of the following options:

          Deny access if any policy in the set returns deny
          Choose this option to have the policy set to deny access if any policy in the set returns a response of deny.

          Permit access if any policy in the set returns permit
          Choose this option to have the policy set to permit access if any policy in the set returns a response of permit.

          Return the decision of the first policy in the set that returns either permit or deny
          The policies are evaluated in the order they are listed in the set. Choose this option if to use the first policy that returns a response of permit or deny as the result of the policy set. All policies will be evaluated regardless of which policy returns a decision result.

      5. Click Save.

      6. Click OK.
      7. Next, add one or more policies to the policy set.

      Add one or more policies to a policy set

      1. Click All Policies.

      2. Select a policy or press Ctrl and select multiple policies to add to the policy set.

      3. Click Add To Add To.

      4. Select a policy set.

      5. Click OK.

      Change the order of the policies in a set
      If we selected Return the decision of the first policy in the set that returns either permit or deny, set the order in which we want the policies to run:

      1. Select a policy set.

      2. Select a policy.

      3. Click Move up or Move down to change the position of the policy in the set.

      Modify a policy set

      1. Select a policy set in the list of policy sets.

      2. Click Modify policy set.
      3. Change to the name, description, or policy combining algorithm. The name must begin with an alphabetic character. Do not use control characters, leading and trailing blanks, and the following special characters ~ ! @ # $ % ^ & * ( )  + | ` = \ ; :  " ' < > ? , [  ] { }/ anywhere in the name.

      4. Click Save.

      Remove one or more policies from a policy set

      1. Select a policy set in the list of policy sets.

      2. Select a policy or press Ctrl and select multiple policies to remove from the policy set.

      3. Click Remove Remove. Confirm the removal. When we remove a policy from a set, the policy is not deleted from the policy list. To delete a policy from the list, see Manage access control policies.

      4. Click OK. The policy is removed.

      Delete a policy set

      1. Select a policy set in the list of policy sets.

      2. Click Delete. Confirm the deletion.

      3. Click OK. The policy set is deleted.

Parent topic: Access control policies