• Categories

  • Steps to Setting Up Policies (Part I)

    By Francis Preston

     

    Here we are; our servers are set up and configured we have our LDAP configured. All that is left is to create our policies and identify the specifics of how we want to control the distribution of our documents.

     

    Although this sounds straightforward the decisions around Policies can take some thought to work through and the decisions you make can have an impact of the effort required.

     

     

    We will begin with a relatively simple implementation. If you were planning on implementing internal access control to documents, we would ask the following questions.

     

    1. Will all internal employees access some documents?
    2. Will you want some distribution that is accessible by various departments only?
    3. Will some documents be accessible by management only?

     

    There are always other distribution models to explore and that is dependant on your organizational needs. The three scenarios above are a good starting point. As we had discussed in our previous articles LDAP allows you to have very granular control over user access. It is important to have Groups created in LDAP that would capture the various scenarios.

     

    For example Item 2 above should have a Group in LDAP that reflects the departmental breakdown, that way you can assign a group or groups to a specific policy. The same holds true for Item 3 where you would want a management group as well. Once you have all of your desired groups defined it is time to start creating the policies.

     

    In AEM Policies are organized by Policy Sets and then Policies. You can think of this very much like a folder structure. You can create a Policy Set for internal use and external users if you have configured your plans for external users as well.

     

    You access the Policy Set and Policy creation through the Administration UI of your AEM installation (http://your.server.address:8080/adminui), and then navigate to Services -> Document Security -> Policies. This put you on the Main Policy Set page.

     

    The Default Policy set is available and we will want to create a Department set and a Management set. Clicking the “New” button on the Policy Sets tab takes you to Step one of four to create a new Policy Set

     

    On this screen (above) you enter a meaningful name for the set and provide a description based on what the set is used for.

     

    It is also important to note that there are limitations to the number of characters that are available for both the Name and the Description.

     

    Once the fields are completed click the Next Button. This brings you to the screen to add a Domain. This is necessary for the Policy Creation step for selecting users and groups.

     

    You simply select the Domain\s you want to use for the given Policy Set. In our example we are simply using the Default Domain, this is the Local Domain accounts.

     

    You can have multiple Domains configured and often you will have a Domain for Internal users and one for External users.

     

    You click the Add button and a confirmation prompt appears you then click the Ok button.

     

    The next step is to assign Policy Set Coordinators; you perform a search for the Policy Admin group. Keep in mind that is the name of the group that we created it can and will likely be different in your environment. Once you select the group you then set the permissions that the group will have in administering the Policy Set.

     

    In this case we have provided full access to the group and then clicked Add. Once again you will be presented with a confirmation screen where you will click the Next button to proceed to the final step.

     

    The final step is to select who has the rights to publish a document with the policies in this Policy Set. This brings up an interesting point, as you may have noted each Policy Set can have it’s own administrators and can control who can use the policies created under the Policy Set.

     

    Depending on the level of control you wish to have internally you can simply allow all employees to publish documents with the Policy Set or you can restrict it to a specific group of users. This is also true for Policy Set administrators; you can have a single group of Policy Set Admins maintaining all Policy Sets or delegate it to specific groups.

     

    The final step is to click the Save button to create the Policy Set.

     

    Even if you have made a mistake you can, once the Policy Set is created go back and edit all of the settings as needed. You can also change settings after you have published documents, but be careful any change is reflected in real-time and can have an impact on your users.

     

     

    At this point we can finally create a Policy or Policies for a given Policy Set. Once you click on your Policy Set name you are brought to the Edit Policy Set Screen. Here you can click on the various tabs and make modifications and add or edit Policies. In our case we will click on the Policy tab and click on the New button.

     

    In the next blog post we’ll consider in details each of the six sections of the New Policy screen. Stay tuned! 

     

     

    Need a hand?
    Contact Us