Authorization policies, Authorization policy configuration page – HP Secure Key Manager User Manual

Page 122

Advertising
background image

Authorization Policy Configuration Page

An authorization policy enables you to limit how a group may use a key. You implement an authorization

policy when establishing a key’s group permissions. The policies are applied to a key separately for each

group; groups that share a key do not necessarily share the same authorization policy.

NOTE:

The key owner is never limited by the key’s policy restrictions.

Authorization policies define two kinds of limits:

Rate Limits: The number of cryptographic operations (per hour) that members of the group can

perform. The default is unlimited operations. If a user attempts to perform an operation and has

exceeded the rate limit, an error is returned and the connection is closed.

NOTE:

Rate limiting is done on a per-user basis, not on a per-group basis. If the limit is 500 operations,

each user in the group can perform 500 operations with the key.

Time Limits: The hours or days in which members of the group can perform operations. The

default is unlimited access. If a member of a restricted group attempts to use the key outside of the

designated time, an error is returned and the connection is closed.

For more information on the Group Permissions section please see

Group Permissions

.

Once an authorization policy is defined it is associated with a key and a group through the Group

Permissions section in the Management Console. Individual keys can be associated with multiple groups

which may in turn have differing or conflicting authorization policies. In this case, the server chooses the

least restrictive authorization policy available (the most operations per hour for the current time of day).
By default, no authorization policies are assigned to any group.

NOTE:

Authorization policies cannot be applied to global keys or to certificates. Key owners are not subject to

policy restrictions.

The Authorization Policy Configuration page enables you to create and manage authorization policies.

This page contains the following sections:

Authorization Policies
Authorization Policy Properties
Authorized Usage Periods

Authorization Policies

Use the Authorization Policies section to create and manage the authorization policies for the SKM.

122

Using the Management Console

Advertising
Popular Brands
Popular manuals