15.3.3.1. Procedure – Configuring authorization policies

  1. Creating authorization policies

    Figure 15.25. Creating authorization policies

    Create an Authorization policy on the Policies tab of the Application-level Gateway MC component: click New, select Authorization policy from the Policy type combobox, and enter a name for the policy in the Policy textbox.

  2. Selecting an authorization model

    Figure 15.26. Selecting an authorization model

    Select the authorization model to use in the policy from the Class combobox. The following models are available:

    • BasicAccessList: Authorize only users meeting a set of authorization conditions, for example, certain users, users belonging to specified groups, or any combination of conditions using the other authorization models.

    • NEyesAuthentication: The client trying to access the service has to be authorized by one (or more) authorized clients. This model can be used to implement 4-eyes authorization solutions.

    • PairAuthentication: Authorize only user pairs. A single user cannot access the service; only two different users (with different usernames) can access it together.

      Tip

      NEyesAuthentication and PairAuthentication are useful when controlled access to sensitive (for example, financial) data has to be ensured and audited.

    • PermitGroup: Authorize only the members of the listed user groups. This is a simplified version of the BasicAccessList model.

    • PermitUser: Authorize only the listed users. This is a simplified version of the BasicAccessList model.

    • PermitTime: Authorize any user, but only within the set time interval. This authorization model does not require authentication.

      Tip

      Use the BasicAccessList authorization model to combine user authentication with time-based authorization. For example, create a policy consisting of two Required policies: PermitTime and PermitUser.

  3. Configuring authorization policies

    Figure 15.27. Configuring authorization policies

    Configure the parameters of the selected authorization class. See Section 15.3.3.2, Authorization models of PNS, for a detailed description of the classes.

  4. Using authorization policies in PNS services

    Figure 15.28. Using authorization policies in PNS services

    Navigate to the Instances tab of the Application-level Gateway MC component, and select the service that will use the authorization policy.

  5. In the Service parameters section, select the Authorization policy to use from the combobox.
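
The tip in step 2, as an added Python model (not PNS code and not PNS configuration syntax): it shows why PermitTime on its own authorizes unauthenticated sessions inside the interval, and what changes when it is combined with PermitUser as two Required conditions. The function names, the constructed sample sessions, the inclusive interval bounds and the reading of Required as "every condition must pass" are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Session:
    """Constructed stand-in for a connection that is being authorized."""
    username: Optional[str]  # None means the client did not authenticate
    at: time                 # local time of the connection attempt


def permit_user(*allowed):
    # PermitUser: only the listed users; an unauthenticated session never matches.
    return lambda s: s.username is not None and s.username in allowed


def permit_time(start, end):
    # PermitTime: any session inside the interval, authenticated or not.
    # Inclusive bounds are an assumption of this model.
    return lambda s: start <= s.at <= end


def all_required(*conditions):
    # Assumed meaning of "Required": every listed condition must pass.
    return lambda s: all(c(s) for c in conditions)


def pair_ok(first, second):
    # PairAuthentication: two authenticated users with different usernames.
    return None not in (first, second) and first != second


def evaluate(policy, sessions):
    return [policy(s) for s in sessions]


OFFICE_HOURS = permit_time(time(8, 0), time(18, 0))
COMBINED = all_required(OFFICE_HOURS, permit_user("alice", "bob"))

# Constructed sample sessions (hypothetical users and times).
SAMPLE = [
    Session("alice", time(9, 30)),    # listed user, inside the interval
    Session(None, time(9, 30)),       # unauthenticated, inside the interval
    Session("alice", time(22, 0)),    # listed user, outside the interval
    Session("mallory", time(9, 30)),  # unlisted user, inside the interval
]

if __name__ == "__main__":
    print("PermitTime only:        ", evaluate(OFFICE_HOURS, SAMPLE))
    print("PermitTime + PermitUser:", evaluate(COMBINED, SAMPLE))
```

In this model the second and fourth sessions pass PermitTime alone but fail the combined policy, which is the gap the tip closes.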