Access Manager uses the policy type to define the context within which a policy is evaluated. Each type of policy differs in purpose, which in turn determines the conditions and actions that apply. For example, the conditions and actions of an Authorization policy differ from the conditions and actions of an Identity Injection policy.
When you click
on the Policies page, the system displays the predefined policy types in a drop-down list. Each policy type represents the set of conditions and actions that are available. You then configure rules to determine user roles, make decision requests, and enforce authorization decisions. You can also set up policies with no conditions, allowing actions to always take place. As policies and conditions become complex, it can be simpler and more manageable to design policies with conditions that deny or restrict access to large groups of users, rather than setting up policies that permit access to certain users.
Access Manager has the following policy types:
Access Gateway: Authorization: This policy type is used to permit or deny access to protected resources, such as Web servers. After you have set up the protected resource, you use the policy rules to define how you want to restrict access. For example, if a user is denied access to a resource, you can use the policy to redirect them to a URL where they can request access to the resource.
Access Gateway: Identity Injection: This policy type evaluates the rules for Identity Injection, which retrieves identity data from a data source (user store) and forwards it to Web applications. Such a policy can enable single sign-on. After the user has authenticated, the policy supplies the information required by the resource rather than allowing the resource to prompt the user for the information.
Access Gateway: Form Fill: This policy type is used to create a policy that automatically fills in the information required in a form, after the user has filled in the form once. Such a policy can enable single sign-on to resources that require form data before allowing access.
Identity Server: Roles: This policy type evaluates rules for establishing the roles of an authenticated user. Roles are generated based on policy statements each time a user authenticates. Roles are placed into an Authentication Profile, which can be used as input in policies for Authorization or Identity Injection.
J2EE Agent: EJB Authorization: This policy type allows you to create policies that protect an Enterprise JavaBean. You can protect the entire bean or specific interfaces or methods.
J2EE Agent: Web Authorization: This policy type allows you to create policies that protect the Web applications on a J2EE server.