The DualShield platform is controlled by various types of policies. At the installation, DualShield provides a default policy for each type of policy. These default policies are system-level policies and are applied to the entire system. You can accept the default policies or create custom policies and apply them to the desired objects and elements.
Before you create custom policies, you need to understand the following rules:
- A policy always has a holder or owner. The holder of the default system policies is the system itself.
- There are 5 types of the policies holders:
- System
- Domain
- Unit
- Group
- User
- When DualShiled searches for a policy, it starts from the bottom of the above holder list. If it finds the required policy, it stops the search. Effectively, a policy is inherited from the “parent” holder unless the policy is defined by the holder itself. For instance, when searching for a user’s logon policy for a specific application, DualShield starts from the user’s logon policy that is associated with the application that the user is attempting to access. If found then DualShield stops the search and uses the user’s logon policy. If the user does not have his/her own logon policy, DualShield goes up one level and checks if the groups that the user belongs to have logon policies for the application that the user is attempting to access. And so on and so forth.
- A user may be a member of several groups. When searching for a policy on the group level, DualShield merges the policy attributes of all groups that the user belongs to. If there are conflicts found in an attribute, DualShield will go up the list and search the attribute in the user’s unit policy, domain or system policy.
To create a custom policy, you can either create a new policy or clone it from an existing policy.