Previous Topic: How to Create a Policy

Next Topic: Listeners


Profile

The profile tab for a Policy Xpress policy contains fields that manage policies and refine policy capabilities.

Note: A policy only applies to the environment it is created in. For example, if you create a policy while logged into the neteauto environment, the policy runs only for the neteauto environment.

Provide the following profile information when creating a policy:

Policy Name

Defines a unique friendly name for the policy.

Policy Type

Defines the listeners that trigger the policy. Each policy type has a different configuration.

Note: You cannot change this field once the policy is saved.

Category

Defines a group of related policies. This field allows you to group policies for easy management.

Description

Specifies a description of the policy.

Priority

If there are multiple policies that run at a single event, this field specifies when the policy runs. Policies are executed based on their priority. The lower the number, the higher the priority (priority 1 runs first, 10 runs second, 50 runs third, and so on).
Setting priority is useful for policies which have a dependency on one another, or breaking a complex policy into two simple ones, that run one after the other.
For example, there are three policies which run if there is a specific value in the database. Instead of having each of the policies verify the value in the database, you can create a policy that runs before the other three policies and checks the value. If the new policy matches the required value, Policy Xpress can set a variable. The other three policies only run if that variable is set, which prevents redundant access to the database.

Enabled

Specifies if the policy is active in CA IdentityMinder. You can clear this check box if you want to disable a policy without deleting it.

Run Once

Specifies if the policy runs only once. Some policies may need to run every time they meet criteria, and others may need to run only once. This value determines if action rules that have already executed in the past should execute again.

For example, adding an SAP role to a user based on department is an action that should only occur the first time the user matches that department. Alternately, a policy that sets the user's salary level based on title would not be set to run once, to make sure that no unauthorized changes take place.

Note: The Run Once option applies to an object, it does not apply globally.