Policy Management

Policies group together Data Elements, Masks, and Roles to create security configurations that reflect your organization’s data security strategy. Policies are deployed to the locations specified under Data Stores. This is applicable to the policies that are dynamically deployed and not to the immutable policies that are deployed using the DevOps approach. The mapping between Roles and Data Elements is unique to each Policy and needs to be configured.

Note: The Deploy Status is only applicable for 9.x.x.x Protectors and earlier. For 10.0.x protectors and later, you can access the information about the deploy statuses from the Protegrity Dashboard.

Protegrity supports two types of Policies:

• Structured: using structured Data Elements for fine-grained protection.
• Unstructured: using unstructured data elements for course-grained file protection. Used exclusively with Protegrity File Protector.

Policy Changes

Policies must be deployed to take effect in the system.

Any updates made to any of the policy components result in a policy change. These updates may be related to administrative changes in the policy definition, such as an addition of a data element. These updates may also be an effect of a change coming from the organization’s Directory Service that is automatically pulled into the ESA.

User-originated changes made through the ESA UI require a manual policy deployment from the Web UI. User-originated changes made via the ESA Policy Management API are automatically deployed. Finally, any changes coming from the LDAP Member Sources that are configured in automatic refresh mode in the Role definition are also immediately deployed.

For more information about the available Policy Deployment mechanisms, refer to the Deploying Policies section.