Creating policy assignment rules

Posted: March 15, 2010

Use this task to create policy assignment rules. Policy assignment rules allow you to enforce permissions and criteria-based policies for individual users accessing your network.

Before you begin
You must have an LDAP Server configured to assign policy assignment rules. For more information, see Configuring LDAP Servers.

Task
For option definitions, click ? in the interface.
1 Go to Systems | Policy Assignment Rules, then click New Assignment Rule. The Policy Assignment Builder wizard is launched and the Details page opens.
2 Specify a unique Name, Priority, and a Description for this policy assignment rule, then
click Next. The Included Objects page opens.
NOTE: By default, the priority for new policy assignment rules is assigned sequentially
based on the number of existing rules. You can change the priority in the Details page of
this wizard, or you can edit the priority of this and any rule by clicking Edit Priority on
the Policy Assignment Rules tab.
3 Click Add to select the objects affected by this rule. The Select Directory Element page
opens.
4 Select the LDAP server you want to look in from the menu list and choose whether to locate elements by clicking Browse or Search. Locate the directory elements you want to add
to this rule, then click OK to return to the Included Objects page and click Next. The Excluded Users page opens.
TIP: In large organizations with many users, use Search to locate directory elements (if
you have the user or group name available) rather than Browse, because loading the entire
contents of the directory for browsing can cause a temporary spike in system resources.
However, to add multiple elements to the Included Objects list at one time, you must use
the Browse option and select each element by clicking its check box.

5 Click Add to select objects to exclude from the included objects list. The Select Directory Element page opens.
TIP: Add excluded users to a rule when the rule is being applied to groups or organizational
units (OUs). For example, if you have a rule that affects an entire OU, you might want to
exclude managers so they are not affected by the rule. Rather than adding each user in
the OU to the included objects list, add the OU and exclude only those members you don’t
want to be affected by the rule.

6 Select the objects you want to exclude, then click OK to return to the Included Objects
page and click Next. The Assigned Policies page opens.
7 Click Add. The Choose a policy to assign dialog box opens.
8 Select the Product, Category, and Policy you want to add to this rule from each menu
and click OK, then click Next. The Summary page opens.
9 Review the summary and click Save.
