Cisco Systems OL-24201-01 Camera Accessories User Manual


 
10-2
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10 Managing Access Policies
Policy Creation Flow
In short, you must determine the:
Details of your network configuration.
Access services that implement your policies.
Rules that define the conditions under which an access service can run.
This section contains the following topics:
Network Definition and Policy Goals, page 10-2
Policy Elements in the Policy Creation Flow, page 10-3
Access Service Policy Creation, page 10-4
Service Selection Policy Creation, page 10-4
Network Definition and Policy Goals
The first step in creating a policy is to determine the devices and users for which the policy should apply.
Then you can start to configure your policy elements.
For basic policy creation, you can rely on the order of the drawers in the left navigation pane of the web
interface. The order of the drawers is helpful because some policy elements are dependent on other
policy elements. If you use the policy drawers in order, you initially avoid having to go backward to
define elements that your current drawer requires.
For example, you might want to create a simple device administration policy from these elements in your
network configuration:
Devices—Routers and switches.
Users—Network engineers.
Device Groups—Group devices by location and separately by device type.
Identity groups—Group network engineers by location and separately by access level.
The results of the policy apply to the administrative staff at each site:
Full access to devices at their site.
Read-only access to all other devices.
Full access to everything for a supervisor.
The policy itself applies to network operations and the administrators who will have privileges within
the device administration policy. The users (network engineers) are stored in the internal identity store.
The policy results are the authorizations and permissions applied in response to the access request. These
authorizations and permissions are also configured as policy elements.
Policy Creation Flow—Next Steps
Policy Elements in the Policy Creation Flow, page 10-3
Access Service Policy Creation, page 10-4
Service Selection Policy Creation, page 10-4