Novell Doc: Novell Access Manager 3.0 SP4 Administration Guide - Creating Enterprise JavaBean Authorization Policies for J2EE Agents

28.4 Creating Enterprise JavaBean Authorization Policies for J2EE Agents

An Enterprise JavaBean (EJB*) Authorization policy allows you to protect the entire bean or specific interfaces or methods. For information about designing a policy, see Section 28.1, Designing an Authorization Policy.

To create an EJB Authorization policy:

In the Administration Console, click Access Manager > Policies > New.
Specify a name for the policy, select J2EE Agent: EJB Authorization as the type, then click OK.
Fill in the following fields:

Description: (Optional) Specify a description for the rule.

Priority: Specify the order in which a rule is applied in the policy, when the policy has multiple rules. The highest priority is 1 and 10 is the lowest. If two rules have the same priority, a Deny rule is applied before a Permit rule.
In the Condition Group 1 section, click New, then select one of the following:
- Credential Profile: Allows you to control access based on the credentials the user specified during authentication. For configuration information, see Section 28.5.3, Credential Profile Condition.
- Current Date: Allows you to control access based on the date of the request. For more information, see Section 28.5.4, Current Date Condition.
- Current Day of Week: Allows you to control access based on the day the request is made. For configuration information, see Section 28.5.5, Current Day of Week Condition.
- Current Day of Month: Allows you to control access based on the month the request is made. For configuration information, see Section 28.5.6, Current Day of Month Condition.
- Current Time of Day: Allows you to control access based on the time the request was made. For configuration information, see Section 28.5.7, Current Time of Day Condition.
- LDAP Attribute: Allows you to control access based on the value of an LDAP attribute. For configuration information, see Section 28.5.9, LDAP Attribute Condition.
- Liberty User Profile: Allows you to control access based on the value of a profile attribute. For configuration information, see Section 28.5.11, Liberty User Profile Condition.
- Roles for Current User: Allows you to control access based on the roles a user has been assigned. For configuration information, see Section 28.5.12, Roles for Current User Condition.
To add multiple conditions to the same rule, either add a condition to the same condition group or create a new condition group. For information on how conditions and condition groups interact with each other, see Section 28.7, Using Multiple Conditions.
In the Actions section, select either Permit or Deny.
To save the rule, click OK, then click Apply Changes.
Assign the policy to an EJB resource. See Assigning an Enterprise JavaBeans Authorization Policy to a Resource in the Novell Access Manager 3.0 SP4 Agent Guide