PingAuthorize

Creating policies and policy sets

Create policies and policy sets to define the circumstances under which users access specific resources.

Steps

  1. Click Policies.

  2. Click .

  3. Select Add Policy Set or Add Policy, as appropriate.

    You can name policies and policy sets anything you like. However, you should use relevant and contextual names, especially as the policy tree grows larger and more complex. When naming policies, consider the business rule that they are trying to model and verify that the names represent the operational policies of the organization.

  4. Update the policy to include targets, statements, and other changes.

  5. Optional: Use Properties to add metadata to the policy or policy set in the format of a key-value pair.

    1. Click next to Properties.

    2. Click Add Property and enter a key-value pair.

  6. Optional: Select the Disable check box to disable your policy or policy set.

    If you disable the policy, it is not evaluated and produces a Not Applicable decision. When you disable it, the policy is shown as crossed out in the policy tree.

    Screen capture of a disabled policy being crossed out in the policy tree.

    You can also disable rules. If a rule is unreachable because of the rule structure and combining algorithm, disabling that rule has no effect on the final decision.

  7. Click Save changes.

    After you create a policy, you can modify it to be a repeating policy. For more information, see Repeating policies and attributes.

Example

In the following example, the policy name is My Basic Policy. Because the name has been changed, you see a red dot in the upper-right corner. This dot indicates that the policy contains unsaved changes. If you try to leave the page, a modal opens and prompts you to save your changes.

Screen capture of the top of a policy definition, which displays its name, a unsaved change marker, and the Disabled check box, which allows you to deactivate the policy