Hi,
I have a question about the Authorization order (similar to this old
thread: http://tinyurl.com/o86bu2k)

I'm running AM4.2 Appliance.
I have 2 Roles assigned, STAFF and STUDENTS.
I have multiple websites that I am providing Authorization for, via
Access Manager.

Site A, I want to allow STAFF, but not STUDENT.
Site B, I want to allow STUDENT, but not STAFF
Site C, I want to allow STAFF and STUDENT ONLY (no NON STAFF/STUDENT
logins should be allowed)

I was under the impression that I could create 3 Authorization
Policies:
AUTH_POL_STAFF:
Priority 1: If Role = STAFF, Permit

AUTH_POL_STUDENT:
Priority 1: If Role = STUDENT, Permit

AUTH_POL_DENY:
Priority 10: Unconditional DENY

Then, I could assign the protected resources like:

Site A:
AUTH_POL_STAFF, AUTH_POL_DENY

Site B:
AUTH_POL_STUDENTS, AUTH_POL_DENY

SITE C:
AUTH_POL_STAFF, AUTH_POL_STAFF, AUTH_POL_DENY

Should this work? Is this how the policies are processed, one after the
other, in order of priority? I shouldn't need to create a different
Authorization Policy for each site, should I?

I'm still reading the docs, but would appreciate any insights.

Cheers.
Michael.


--
mickers
------------------------------------------------------------------------
mickers's Profile: https://forums.netiq.com/member.php?userid=1122
View this thread: https://forums.netiq.com/showthread.php?t=54829