Our eDocs perfectly explain how to configure authorization policies associated with users and groups AAA. But in some cases, you want to link AD groups to a resource, instead of linking resources to AD groups. The end result will be the same, but it offers some additional flexibility if it comes down to management. You could call the solution below "Access Role-based" we'll consolidation groups in a "role" which will be associated with a vserver LB / CS
This is how the solution looks like graphically: . 
to configure what we create labels create two political authorization for the Power user and regular users under security> AAA> authorization> political labels.
for each label policy, you need to insert a policy with a significant policy name, the action "Allow" and the phrase the key phrase here is to use eg.
HTTP.REQ.USER. IS_MEMBER_OF ( "Group1")
More details on how to use the expressions of HTTP.REQ.USER policy can be found in eDocs. all the resulting political expressions labels is shown below
Next, we need to configure or modify a LB or existing vserver CS (Traffic Management> Load Balancing> virtual servers or switching content > virtual Servers). Open the vserver, go to the "Policies" tab and select "Permission". We can now configure a refusal default policy rule with "inclusion policy". The rule that we create will always correspond, through the expression of "true" policy. 
And invoke an additional label policy as configured below.
The beauty of Summon political labels is that you can avail of virtual multiple servers political labels without having to recreate the rule sets for each virtual server. The goal is to create an abstraction layer between your vserver objects and treatment of politics. This behavior applies to many types of policies with political labels such as rewriting, compression, AppFlow ... and authorization policies as used here.
0 Komentar