Access Policy allows administrators to create policies for controlling access to your sites. Access policies determine whether or not endpoint devices are allowed to access internal sites and applications, or perform certain operations on the application servers, depending on the security settings of the endpoint devices.
To configure access policies, click the Access Policy icon on the main menu; this opens the Rule Designer of the Policy Engine.
Access Policy types
Three types of Access policies are available:
- Global: Rules that apply globally. Any rules defined under Global will apply to everything published on the appliance.
- Predefined: Predefined access policies and templates are delivered with the TAC application. The administrator can duplicate those templates to use in their environment.
- User Defined: User defined policies and rules. User defined policies can be customized and modified according to the requirements of the organization.
Rules that should apply to the entire organization or domain are created under the Global Access policy. Such a rule takes effect globally and is applied on top of other predefined or user-defined rules. Common security measures of an organization, such as antivirus, operating system, firewall, etc., usually belong in the Global Policy category. By default, Global Policy takes precedence over Predefined or User-Defined Access Policies and is available in Predefined or User-Defined Access Policies sets. Users cannot remove Global Policy from any of the policy sets.
Predefined Access Policies are policies that come with the application for specific purposes. You may keep them as templates and use them in your environment, but you are not allowed to modify a policy within the Predefined Policy set. You may duplicate a Predefined policy, copy it into the User-Defined policy set, and modify it to meet your requirements. Predefined policies are like policy templates that come with the TAC application.
The User-Defined policy set allows users to create their own policies, which address the more specific policy requirements of your organization. Specific policies may be needed to restrict or control specific application access or user access that affects only that particular application or those objects. You can create your own organization’s access policies under the User-Defined policy set.
A policy consists of a set of access rules. A rule determines what to do when a set of conditions yields a positive or a negative result. The administrator can create many rules within a policy. A rule consists of a set of conditions and two types of actions: one taken if the conditions are met (a positive result), and one taken if the conditions fail (a negative result). This follows the logical construction IF, THEN, ELSE. The rule evaluates its conditions in the order given by the administrator. If the condition or set of conditions satisfies the requirement, the rule processes the defined action, either “allow” or “deny.” If a rule does not conclude with an “allow” or “deny” action, the next rule begins, and processing continues until a rule concludes with an “allow” or “deny” action. When a rule concludes with an “allow” or “deny” action, rule processing terminates and the subsequent rules in the list are ignored.
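The rule processing described above, modelled as an added Python example (not TAC's code or configuration format). Assumptions: the `Rule` and `evaluate` names, the "continue" action, the device attribute names, Global rules running before the policy's own rules, and a default deny when no rule concludes are all hypothetical, since the page does not specify them.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# "continue" is a hypothetical name for "no verdict, go to the next rule".
ALLOW, DENY, CONTINUE = "allow", "deny", "continue"

@dataclass
class Rule:
    name: str
    conditions: List[Callable[[Dict], bool]]  # evaluated in the order given
    on_pass: str  # THEN: action when every condition is met
    on_fail: str  # ELSE: action when a condition fails

def evaluate(global_rules, policy_rules, device):
    """Return (verdict, deciding rule name, trace of rules that ran)."""
    trace = []
    # Assumption: Global precedence is modelled by running Global rules first.
    for rule in list(global_rules) + list(policy_rules):
        passed = all(cond(device) for cond in rule.conditions)
        action = rule.on_pass if passed else rule.on_fail
        trace.append((rule.name, passed, action))
        if action in (ALLOW, DENY):
            return action, rule.name, trace  # terminal: later rules are ignored
    # Assumption: the page does not cover this case; fail closed.
    return DENY, "default-deny", trace

# Constructed sample rules; the device attribute names are hypothetical.
GLOBAL = [
    Rule("antivirus", [lambda d: d.get("antivirus_running", False)], CONTINUE, DENY),
    Rule("firewall", [lambda d: d.get("firewall_enabled", False)], CONTINUE, DENY),
]
USER_DEFINED = [
    Rule("managed-device",
         [lambda d: d.get("domain_joined", False), lambda d: d.get("os") == "Windows 11"],
         ALLOW, CONTINUE),
    Rule("encrypted-byod", [lambda d: d.get("disk_encrypted", False)], ALLOW, DENY),
]

# Constructed sample endpoints.
MANAGED = {"antivirus_running": True, "firewall_enabled": True, "domain_joined": True, "os": "Windows 11"}
NO_AV = dict(MANAGED, antivirus_running=False)
BYOD = {"antivirus_running": True, "firewall_enabled": True, "disk_encrypted": True}

if __name__ == "__main__":
    for label, device in (("managed", MANAGED), ("no-av", NO_AV), ("byod", BYOD)):
        verdict, rule, trace = evaluate(GLOBAL, USER_DEFINED, device)
        print(f"{label}: {verdict} (decided by {rule}, {len(trace)} rule(s) ran)")
```

The trace makes rule order auditable: a rule listed after one that concludes with "allow" or "deny" never runs, so a broad "allow" placed early hides every check below it.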