Components of a Policy

An overview of the components of a policy.

A policy contains multiple components that work together to enforce protection at the protection endpoints. The role component and policy is tied closely. Any changes made to the organization LDAP, such as a user linked to a role is added or deleted, result in an update to the policy. The automatic deployment of policy is only applicable for automatic roles. When a policy is deployed in ESA, the protectors sends a request to the ESA for retrieving the updated policy. The ESA creates a package containing the updated policy and the protector pulls the package and the related metadata. So, when a change in package is detected due to one of the following reasons, the protector pulls the package:

  • Security Role changes.
  • Rotation of keys. This is only applicable when either the Signing Key or the Data Element Key for an encryption data element with Key ID is rotated.
  • Changes in permissions.
  • Addition or deletion of data elements.
  • Updating of the individual components of a package, such as, the data security policy or the CoP.

You can also create a resilient package that is immutable or static by exporting the package using the RPS API. For more information about the RPS API, refer to section APIs for Resilient Protectors in the Protegrity APIs, UDFs, Commands Reference Guide.

Working With Data Elements

An overview of the data elements used to protect the data.

Working With Alphabets

An overview of the Alphabets tab in the Data Elements & Masks screen.

Working With Masks

An overview of the Masks tab in the Data Elements & Masks screen.

Working With Trusted Applications

An overview of Trusted Applications.

Creating a Data Store

A data store identifies one or more protectors.

Working With Member Sources

The Member Sources are the source locations of users and user groups to be involved in the policies.

Working with Roles

An overview of roles in Policy Management.

Last modified : January 27, 2025