Creating session-level policies

Use the Policy Builder for Data to create and install session-level policies.

About this task

The overall workflow for defining session-level policies is the same as for standard data-security policies. For information about defining policies, see Creating and installing a policy and policy rules. This procedure focuses on unique aspects of creating session-level policies.

Procedure

  1. Navigate to Protect > Security Policies > Policy Builder for Data.
  2. Create a new policy or clone an existing policy.
    • To create a new policy, click the new icon.
    • To clone a policy, select an existing session level policy template from the Security Policies window and then click the copy icon.
    • Important: Policies that are installed from the central manager to an aggregator might appear in the aggregator UI as not installed because you cannot install policies on an aggregator. To determine whether a policy is installed, run the list_installed_policies API or check in the Policy Builder for Data page for each aggregator.
    The Create New Policy window displays.
  3. For a new policy, from the Name and properties pane, set the policy type to Session level policy and define a policy name.
    Attention: After a policy is saved as a session-level policy, you cannot change it to a data-security policy.
  4. Click the Rules pane to begin working with policy rules, then create a new rule by clicking the new icon.
    1. From the Rule definition pane of the Create New Rule window, define a Rule name.
      For session-level policies, the Rule type field is predefined to Session.
    2. Click the Rule criteria pane and begin defining rule parameters and values.
      • Use the menus to select individual parameters and define selection operators, and then specify values or groups to match.
      • Use the add and remove icons to add or remove criteria from the rule.
      For more information about rule criteria, see Rule definition fields and Values and groups of values in rules
      Attention: Unlike standard data-security policies, all rule criteria available for session-level policies are based on the session.
    3. Click the Rule action pane to begin working with rule actions, then create a new rule action by clicking the new icon and selecting an action.
      If further configuration is necessary, use the Add New Action window to define the action. For more information about available actions, see the Actions section of the Using session-level and advanced session-level policies.
    4. When finished defining the rule, click OK to return to the Rules pane.
      Continue working with rules as needed.
  5. When finished defining the policy and its rules, click OK to save the policy and return to the Security Policies table.

What to do next

Install policies by selecting a policy from the Security Policies window and clicking Install > Install. Select the Installation action you want and click OK to install the policy. Installed policies are indicated by a check mark in the Installed column.