Create a Policy or Policy Fragment

The Create Policy task is used to create these types of policies/policy fragments:
  • Global Policy Fragments:
    These fragments are predefined by the administrator and run at specific points during message processing, depending on the global policy tag. These fragments do not appear in the service policy. For more information, see Global Policy Fragments.
  • Included Policy Fragments:
    These are fragments that group any number of assertions into a self-contained unit that can be dropped into any service policy using the Include Policy Fragment Assertion. The fragment appears in the service policy as "Include Policy Fragment: <name>" and can be repositioned as necessary. For more information, see Policy Fragments.
    For a shortcut method of creating an Included Policy Fragment, see "Policy Fragment Shortcut" under Policy Fragments.
  • Internal Use Policies:
    These are ready-made policies predefined in the Layer7 API Gateway. These policies are designed to achieve a specific objective. For more information, see Internal Use Policies.
  • Policy-Backed Identity Provider Policy Fragment:
    These fragments contain identity provider policies and are intended for use with Policy-Backed Identity Providers (PBID). (Only policy fragments of this type may be selected for use in a PBID.) For more information, see Policy-Backed Identity Providers.
  • Policy-Backed Service Operation Policy Fragment:
    These are fragments that can be run in the background. For more information, see Manage Scheduled Tasks.
There are several other types of policies that are not created via the Create Policy task:
  • Audit sink policy:
    This is a special policy that is created when auditing to a policy is enabled. This policy may be edited, but it cannot be renamed or deleted. For more information, see Managing Audit Sinks.
  • Debug trace policy:
    This is a special trace policy to help you troubleshoot a service policy. For more information, see "Working with the Debug Trace Policy" under Debug a Policy.
Only users with the role of "Administrator" can create a policy.
To create a policy:
  1. Do either of the following:
    • Select [ > Services and APIs > Create Policy from the Main Menu
    • Right-click a folder within the Services and Policies list and then select Create Policy
  2. Complete the properties for the type of policy that you wish to create. For more information, see Policy Properties.
  3. Click [ ]. The new policy is created and loaded in the policy window for editing. If you currently have unsaved changes in the policy window, you are prompted to save before the new policy is loaded. New policies have the following default assertions:
(1) The icon color in the Services and Policies list helps you readily identify the type of policy: Services_List-Global_policy.png = Global policy fragment; Services_List-Included_policy.png = Included policy fragment; Services_List-Internal_policy.png = Internal policy. For global and internal policies, the policy tag is displayed next to the policy name.
(2) If security zones have been deployed and you have been assigned a "Manage X Zone" role, the security zone 'X' must include the "All assertions must..." composite assertion as well as every assertion in the policy (or that will be added to the policy) before you can create or edit the policy.