Creating a Run-Time Policy
To create a new run-time policy, you must have one of the following permissions in CentraSite:
To create policies for a specific organization, you must have the Manage Run-Time Policies permission for that organization. By default, users in the
CentraSite Administrator, Organization Administrator, or Policy Administrator role have this permission.
To create system-wide policies (that is, policies that apply to all organization within an instance of
CentraSite ), you must have the Manage System-Wide Run-Time Policies permission. By default, users in the
CentraSite Administrator role and Operations Administrator role have this permission.
To create a run-time policy
1. In CentraSite Control, go to Policies > Run-Time.
This displays a list of defined run-time policies in the Run-Time Policies page.
2. Click Add Policy.
3. In the Policy Information panel, specify the following fields:
In this field... | Specify... |
Name | Type a name for the new policy. A policy name can contain any character (including spaces). A policy name does not need to be unique within the registry. However, to reduce ambiguity, you should avoid giving multiple policies the same name. As a best practice, Software AG recommends that you adopt appropriate naming conventions to ensure that policies are distinctly named within your organization. |
Description | Optional. Type a description for the new policy. This description appears when a user displays a list of policies in the user interface. |
Version | Optional. Specify a version identifier for the new policy. Note: | The version identifier does not need to be numeric. |
Examples: 0.0a 1.0.0 (beta) Pre-release 001 V1-2007.04.30 The version identifier you type here is the policy's public, user-assigned version identifier. CentraSite also maintains an internal, system-assigned version number for the policy. |
4. In the Scope panel, specify the required fields.
Scope refers to the set of properties that determine the target type, organization, and asset type to which the policy applies.
In this field... | Specify... |
Target Type | The target type to which the policy is deployed. Select webMethods Integration Server (that is, the webMethods Mediator gateway type). |
Organization | The organization to which the policy applies. Select All if you want to apply the policy to the specified services in all organizations. Important: | Once you create a policy, its organizational scope is fixed and cannot be changed. That is, if you create a policy whose scope is specific to organization ABC, you cannot change its scope to make it system-wide or switch it to another organization. You must create a new policy and set its organizational scope as needed. |
|
Asset Types | The type of asset to which this policy applies. Select one of the following: Service XML Service REST Service Virtual Service Virtual XML Service Virtual REST Service Note: | CentraSite does not provide out-of-the-box policy-enforcement for web services. |
|
5. In the Apply Policy to Services that Meet the Following Criteria panel, specify criteria that identify the virtual services to which the policy applies.
To target a policy for a particular set of virtual services, you refine the policy’s scope by specifying additional selection criteria based on the virtual service’s Name, Description, or Classification properties.
a. select an attribute (Name, Description, or Classification) that identifies the services to which the policy applies.
b. select an operator for the attribute (if applicable).
c. Specify a value for the attribute (if applicable). Values are case-sensitive.
d. If you need to specify multiple values or attributes, use the plus button to add multiple rows. For example, for the Classification attribute you might select multiple Taxonomy names. If you specify multiple criteria, they are connected by the AND operator.
After you save the policy, you see the generated list of services is displayed on the Policy Detail page's Services profile.
Note: | Keep the following in mind: If you specify no criteria, the policy applies to all virtual services. You can specify only one Name Equals <value> condition. However, you can specify multiple Name Contains <value> or Name Starts With <value> conditions. |
Caution: | CentraSite checks for policy conflicts when you deploy a virtual service to Mediator. If the service has only one policy applied to it (the policy you are applying here), that policy is deployed to Mediator, and Mediator executes the policy's run-time actions in the order in which they appear in the policy. However, if the service already has additional policies applied to it, a policy conflict might occur, which might cause unintended consequences. CentraSite informs you of policy conflicts. |
6. Click Next.
7. In the Available Actions dialog, select the built-in actions that you want to include in the policy.
Keep the following points in mind when you select the actions for the policy:
If you are using
webMethods Mediator as your PEP, you must include the Identify Consumer built-in action (and optionally other identification actions) in order to identify or authenticate consumers.
Ensure that the actions in the
Selected Actions list appear in the order in which you want them to run when the policy is enforced. If necessary, use the control buttons on the right side of the list to place them in the correct order.
8. Click Finish to save the new (as yet incomplete) policy.
The Runtime Policy Detail page is displayed, showing details of the policy you just created.
9. Specify parameter values for each of the policy’s actions as follows:
a. In the Actions profile, select the action whose parameters you want to set.
b. In the Edit Action Parameters page, set the parameters as necessary and click Save.
c. Click Save and then Close.
Icon | Description |
| The action has required input parameters that have not yet been set. |
| All of the action’s required input parameters have been set. Note: | This icon automatically appears for actions that have no input parameters. |
|
The icons next to the actions in the Parameters Set column indicates whether the action parameters have been set.
10. If you want to allow other users to view, edit, or delete this policy, go to the Policy Detail page, select the Permissions profile, and assign permissions to those users. You do not see this profile unless you belong to a role that has the Manage Runtime Policies permission.
11. Activate the policy.