Policy Map

The visual representation of the Policy as seen in the Policy Map view allows business users to understand the Policy evaluation process. Similarly, representing Policy as Code allows the developers or technical stakeholders to automatically move Policies between Environments (for example, from Staging to Production).

Every Policy in the Platform can be viewed visually in a Policy Map, regardless of how the Platform was added to the Policy Catalog (for example, created in the Platform or imported to the Platform). The Policy Map shows the following elements of the selected Policy. Click on a component to drill down for further details.

• Identity Template ID (WHO): This represents which Dynamic Groups are granted (or denied) access, based on the Policy type. In the Map view, the Dynamic Groups defined in this Policy appear on the left side of the display. The number of groups appears in the map. 
• WHEN: This displays the environmental Conditions applied to a Policy. For example: Time and Date restrictions, IP address, an Identity Attribute, etc.  
• WHAT: Each of the Assets associated to this Policy are displayed. These are the Assets that the users have access to, based on the Actions, Conditions and Rulesets defined in the Policy. You can click on the Rulesets to drill-down and manage each of the Rulesets available in the Policy. 
• WHAT: Displays which Applications are accessible to the Identities. These Applications are the means by which the Identities are able to access the Assets. Applications in the Policy Map can be represented by a logo, as defined in Managing Applications. 
  

Note: If the Policy is Inactive, meaning it is not considered when calculating the authorization decision, the Policy Map is grayed out.

Finally, below the Policy Map, the following information is detailed:

• Access Type displays the Allow or Restrict icon.

• Last Update indicates when the Policy was last updated (date and time).

• Policy State indicates the current state of the Policy, Active or Inactive.