Creating Policies
Use the Policy Management Web UI to create structured and unstructured policies.
Creating and Deploying Policies
Policies contain detailed and comprehensive security definitions. Policies are distributed to the locations in your enterprise set up for policy enforcement.
The following figure displays a sample policy.
You can add data elements, roles, link the policy to a data store, and deploy the policy to the protector nodes. You also set different permissions for the content restrictions for a policy.
You can create two types of policies:
- Structured Policy - Policy that supports column-level database protection and integrates policies into applications using an API. This policy type contains only structured data elements.
- Unstructured Policy - Policy that provides support for file protection. This policy type contains only unstructured data elements. It is only supported for File Protectors. The unstructured policy is not applicable for 10.0.0 protectors.
A policy is in one of the following states:
- Ready to Deploy – The policy is created with the required information and ready for deployment.
- Deployed – The policy is ready to be distributed to the protectors.
You can modify a policy at any point in time. If a policy that is deployed is modified, then the policy returns to the Ready to Deploy state.
The Deploy Status is only applicable for 9.x.x.x protectors and earlier. It is not applicable for 10.0.0 protectors and later.
For 10.0.0 protectors and later, you can access this information from the Protegrity Dashboard.
The Policy Management Web UI is primarily used to create policies and related metadata.
Adding Data Elements to Policy
This section discusses about how to add data elements to policy.
Adding Roles to Policy
This section discusses about how to add roles to a policy and then how to customize the permissions for individual roles.
Adding Permissions to Policy
Permissions are applied restrictions to access sensitive data. Use the Policy Management Web UI or the DevOps API to add permissions to a policy.
Deploying Policies
After you define the roles, data elements, data stores, and permissions for the policy, the policy is ready for deployment.
Policy Management using the Policy API
Apart from creating and managing policy metadata through the Policy Management Web UI in ESA, policies can also be created using the Policy Management API.