Rule Groups

Contents
sm1252sp1
Contents
A rule group is a set of rules that can be bound to
CA Single Sign-On
policies. You can use a rule group to combine groups of rules you will be applying to the same policy. For example, if you have a number of rules that allow a GET action for different resources of a Web site, you could then create a rule group that contains all of the resources. When you configure the policy that will include the rules, you can add a single rule group to the policy, rather than add all of the rules individually.
When you include a rule group in a policy, each rule in the group is evaluated and applied independently of other rules in the group.
Rule groups overview
Rule groups overview
The previous diagram illustrates a rule group that contains rules for both the Marketing realm and the Engineering realm. The rule group can be used in a policy rather than including all four rules separately.
Create a Rule Group
You can create a rule group and add it to a domain.
Follow these steps:
  1. Click Policies, Domain, Rule Groups.
  2. Click Create Rule Group.
  3. Click OK.
  4. Select a domain and click Next.
  5. Type the name and a description of the rule group.
  6. Select Radius or
    CA Single Sign-On
    and an Agent Type.
  7. In Group Members, click Add/Remove.
    The Available Members column lists all rules that are defined in the specified domain and in the realms associated with the specified Agent type. When the Agent type is Generic RADIUS, the Available Members column lists all rules that the RADIUS Agents support.
  8. Select one or more rules from the list of Available Members and click the right-facing arrows.
    To select more than one member at one time, hold down the Ctrl key while you click the additional members. To select a block of members, click the first member and then hold down the Shift key while you click the last member in the block.
  9. Click OK.
  10. Click Finish.
    The Rule Group is created.
Add Rules to a Rule Group
You can add rules to a rule group in the same domain and of the same Agent type.
Follow these steps:
  1. Click Policies, Domain, Rule Groups.
  2. Specify search criteria, and click Search.
  3. Click the name of a rule group that you want to modify.
  4. Click Modify.
    The settings and controls become active.
  5. In Group Members, click Add/Remove.
    The Available Members column lists all rules that are defined in the specified domain and in the realms associated with the specified Agent type. When the Agent type is Generic RADIUS, the Available Members column lists all rules that the RADIUS Agents support.
  6. Select one or more rules from the list of Available Members and click the right-facing arrows.
    To select more than one member at one time, hold down the Ctrl key while you click the additional members. To select a block of members, click the first member and then hold down the Shift key while you click the last member in the block.
  7. Click OK.
  8. Click Submit.
    The selected rules are added to the rule group.
Modify a Rule Group
You can modify all of the properties of a rule group, except the Agent Type for
CA Single Sign-On
Agents and the vendor type for RADIUS Agents. To change the Agent type or vendor type, delete the rule group and create a new one.
sm1252sp1
Note
: More information about modifying and deleting Policy Server objects exists in Manage Policy Server Objects.
Delete a Rule Group
Deleting a rule group only deletes the grouping. The rules contained in the grouping are not deleted.
sm1252sp1
Note
: More information about modifying and deleting Policy Server objects exists in Manage Policy Server Objects.