Administering protected object policies

Edit online

Use the administration API to create, modify, examine, and delete Verify Identity Access protected object policies (POPs).

You can also use the Administration API to attach or detach POPs from protected objects.

You can use POPs to impose more conditions on operations that are included in the access control list (ACL) policy. These additional conditions are enforced regardless of the user or group identities that are specified in the ACL entries.

See the following examples of the conditions:

Specifying the quality of protection
Writing a report record to the auditing service
Requiring an authentication strength level
Restricting access to a specific time period
Enabling or disabling the warning mode, which allows an administrator to validate security policy

You must understand the Verify Identity Access POP concepts before you use the administration API to administer POPs.