Using global rules, Using global rules -45 – HP Identity Driven Manager Software Series User Manual

3-45

Using Identity Driven Manager

Configuring User Access

Using Global Rules

Global Rules can be used to provide an "exception process" to the normal
processing of access rules via Access Policy Groups. IDM will check for Global
Rules and apply them to the designated users before processing any access
rules found in Access Policy Groups. For example, you can use a Global Rule
to deny access to the network during a specific time period, such as a site
shutdown or during periods when network maintenance is being done.

Global Rules are typically used to apply to all users in a realm. They can also
be defined to apply to a single user or access policy group. Global Rules should
not take the place of existing rules defined within the Access Policy Groups;
they are intended for special use cases.

To display global rules, click on the

Realm

in the IDM navigation tree, then

click the

Global Rules

tab in the Realm display.

Figure 3-32. Global Rules tab

The

Global Rules

tab provides the following data about defined global rules:

Target

User(s) or access policy group to which the rule applies

Location

Location where the rule is used

Time

Time that the rule is used

System

System where the rule is used

WLAN

WLAN where the rule is used. Appears only if the Enhanced
Wireless Support option is set in Preferences for Identity
Management

Endpoint
Integrity

Indicates the endpoint integrity status used by the rule.

This appears only if the Endpoint Integrity option is set in
Preferences for Identity Management