28.2 Creating Access Gateway Authorization Policies

An Authorization policy specifies conditions that a user must meet in order to access a resource. The Access Gateway enforces these conditions. The policy specifies the criteria a user must meet to either allow access or deny access.

To create an Access Gateway Authorization policy:

  1. In the Administration Console, click Access Manager > Policies > New.

  2. Specify a name for the policy, then select Access Gateway: Authorization for the type of policy.

  3. Fill in the following fields:

    Description: (Optional) Describe the purpose of this rule.

    Priority: Specify the order in which a rule is applied in the policy, when the policy has multiple rules. The highest priority is 1 and 10 is the lowest. If two rules have the same priority, a Deny rule is applied before a Permit rule.

  4. In the Condition Group 1 section, click New, then select one of the following:

  5. To add multiple conditions to the same rule, either add a condition to the same condition group or create a new condition group. For information on how conditions and condition groups interact with each other, see Section 28.7, Using Multiple Conditions.

  6. In the Actions section, select either Permit, Deny, or Redirect.

    If you select Redirect, specify the URL to which you want users redirected when they meet the conditions of this policy.

    If you select Deny, select one of the following:

    • Display Default Deny Page: Displays a generic message, indicating that users have insufficient rights to access the resource.

    • Deny Message: Allows you to provide a customized message that is displayed to users who are denied access. This message can be plain text or text with HTML tags.

    • Redirect to URL: Allows you to specify a URL to which users are redirected when they are denied access. For example:

      http://www.novell.com
      
  7. To save the rule, click OK.

  8. To add another rule, click New or to save the policy, click OK, then click Apply Changes.

  9. For information on how to assign the policy to a protected resource, see Section 13.4.3, Assigning an Authorization Policy to a Protected Resource.