Protected object policies, or POPs, are policies that contain
extra conditions on the requests that are sent to the Verify Identity Access and
WebSEAL along with the yes ACL policy decision from
the authorization service.
The Verify Identity Access and
the resource manager enforce the POP conditions.
The following tables list the available attributes for a POP:
Listing of POP attributes for Verify Identity Access and a description of
each one.
| Enforced by Verify Identity Access |
| POP Attribute |
Description |
| Name |
Name of the policy. This attribute becomes the <pop-name> argument
in the pdadmin pop commands. |
| Description |
Descriptive text for the policy. This attribute
appears in the pop show command. |
| Warning Mode |
Provides administrators a means to test ACL and
POP policies. |
| Audit Level |
Specifies the type of auditing: all, none, successful
access, denied access, errors. |
| Time-of-Day Access |
Day and time restrictions for successful access
to the protected object. |
Listing of POP attributes for WebSEAL and a description of each one.
| Enforced by Resource
Manager (WebSEAL) |
| POP Attribute |
Description |
| Quality of Protection |
Specifies the degree of data protection: none,
integrity, privacy. |
| IP Endpoint Authentication Method Policy |
Specifies the authentication requirements for access
from members of external networks. |
| Document Cache Control |
Specifies the caching instructions for the handling
of specific documents. |