000025828 - How to use an RSA ClearTrust SmartRule

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025828
Applies ToRSA ClearTrust 5.0.1 Authorization Server (AServer)
Sun Solaris 2.9
IssueHow to use an RSA ClearTrust SmartRule
Allow a user to access an application if the following is true: companyCode="DC10" AND ((title=Acct Manager*) OR (title=Corrosion Tech*))
ResolutionIn the resources you wish to protect, choose the "Policy Conflict Resolution" to "Deny access when policy conflict occur". Then have 2 properties: CC as BOOLEAN, title as STRING.

You can test with 8 users: (these tests just about cover all scenarios)

User1: CC = false, title = Acct Manager (you want to allow this person)
User2: CC = false, title = Corrosion Tech (you want to allow this person)
User3: CC = false, title = Janitor (you want to deny)
User4: CC = true, title = Acct Manager (you want to deny)
User5: CC = true, title = Corrosion Tech (you want to deny)
User6: CC = false, title = <blank> (you want to deny)
User7: CC = true, title = <blank> (you want to deny)
User8: CC = unspecified, title = <blank> (you want to deny)

Thus the CC Boolean flag keeps track of who's not authorized (if set to true, they are bad).
Legacy Article IDa17622

Attachments

    Outcomes