Managing Policies

Overview of the basic actions you can perform to manage policies, and tools for managing policy definitions.

About Policies

For information about using policies in the context of the developer portal, see Business Policies.

Table of Contents

  1. Add Policy
  2. View Policy Details
  3. View Policy Overview
  4. Attach Policy
  5. Modify Policy Information
  6. Make a New Policy Version
  7. Change Organization
  8. Copy Policy
  9. Delete Policy
  10. Export Policy
  11. View Policy References
  12. Using Regular Expressions in Policies
  13. Using JSONPath in Policies
  14. Using XPath in Policies

Policy Management Functions

The policy management functions below apply to policy definitions in the Policies folder.

Policy management functions are available on the Policy Summary drop-down menu or via the Actions Portlet on the Policies > Details page.

back to top

Add Policy

Used to define policies that are used to manage web service endpoints. Notes:

  • A policy is initialized with a default configuration. You can then customize the policy to address the unique requirements of your web service management system.
  • When you've configured the policy, you'll need to activate it via the Policy Workflow Portlet before it is visible and available for attachment in the hierarchy tree.
  • After you've activated the policy, you can then attach it to objects it will be managing, including Organizations, Services, Operations, Bindings, and Access Points.
To add a policy

On the main Policies Summary page, select Add Policy, select a policy type, and assign a name and description. The Add Policy Wizard creates a policy instance that you can modify on the Policy Details page.

back to top

View Policy Details

Once you've activated a policy, you can't change any of the policy information unless you start a new version. However, you can view the details of the current policy.

To view policy details in Policy Manager
  1. In Policy Manager, go to Workbench > Browse > Organization. Choose the applicable Policies folder (Compliance, Operational, or QoS). The Policies Summary screen displays.
  2. To view the details for a specific policy, do one of the following:
    • Click the policy name and then, in the second section, click View.
    • Find the policy on the list and then, from the Actions drop-down on the right, choose View Policy Details.

    An example is shown below. The top pane is the policy overview, and summarizes policy metadata such as name and type; the second pane summarizes the policy details, including all the technical settings that determine what the policy does.

    Viewing the policy details

back to top

View Policy Overview

The policy overview is a summary of basic general information about the policy, such as policy type, name, version, and description.

Once you've activated a policy, you can't change any of the policy information, including the overview, unless you start a new version. However, you can view the overview for the current policy.

To view the policy overview, follow the instructions in To view policy details in Policy Manager above. The Policy Overview is at the top.

If the policy is in Draft state, you'll see a Modify link, and you'll be able to modify the policy overview.

back to top

Attach Policy

Policies defined in the policies object (the Policies Folder) can be assigned to an organization, and to six different elements of a service. Each policy assignment is based on the business requirements defined for policies supported in each policy category (Compliance, Operational, and QoS) in addition to custom defined policies. Notes:

  • When a policy is assigned at the Service Details level, the policy is referenced in all other elements of the service (operations, bindings, access points).
  • When a policy is referenced in a Policy Attachments Portlet, it is preceded with (from <object name>).
  • Once a policy is referenced, it can only be removed at the source attachment point (in the Policy Attachments Portlet of the service).
  • You can add additional policies to each service element using the Policy Attachments Portlet in each Management Console section.
To attach a policy

Go to the Policy Attachments portlet on the Policy Details page where you would like to attach a policy, and select Manage. Select a policy from the tree and save the configuration.

back to top

Modify Policy Information

Allows you to change the name and description of a policy.

back to top

Make a New Policy Version

If you need to change an existing policy that's in Active state, you'll need to start a new policy version. The new version is in Draft state, and can be modified, until you activate it.

Note: When you activate a new version of the policy, it replaces the previous version in all instances where the policy is in use. Only one version of a policy is active at one time. For example, if Version 1 of a policy is attached to a service, and Version 2 is activated, Version 2 becomes the version that's attached to the service, in all instances.

To make a new policy version in Policy Manager
  1. In Policy Manager, go to Workbench > Browse > Organization. Choose the applicable Policies folder (Compliance, Operational, or QoS). The Policies Summary screen displays.
  2. On the list, find the policy, and double-click to go to the policy page.
  3. In the right pane, click Start New Version, as shown below.

    Starting a new policy version

  4. At the prompt, click OK. A new version of the policy is started, in Draft state. You can now modify the policy and then activate it.

back to top

Change Organization

Allows you to move the current policy configuration to a new Organization.

  • Note that you can only move referenced policies (policies that are attached to an object) within the current Policy Scope (for example, Organization, Service, or Operation).
  • If you want to move a policy to a different Organization, the references must stay in scope.
  • To determine what references a policy might have, go to the current policy and then select View Policy References.
  • To remove policy references, unattach the policy via the Policy Attachments Portlet.

back to top

Copy Policy

Allows you to replicate a policy definition and assign a new Policy Name and Policy Key. Using this function, you can configure elements that represent core functionality of a policy, replicate them to a new policy, and then perform additional customization on the copy.

back to top

Delete Policy

Deletes the selected policy definition. You cannot delete a policy if it's referenced (attached to one or more objects). The number of policy references is indicated on the Policies Summary page, in the # column. To view policies, select View Policy References.

If you want to delete a policy, you must remove the policy attachment via the Policy Attachments Portlet.

back to top

Export Policy

Provides a method of exporting a policy definition to a Package file. This Package file can then be imported into a different Policy Manager deployment using the Import Package function.

back to top

View Policy References

Displays a list of objects that the current policy is referencing.

Back to top

Using Regular Expressions in Policies

Many types of policies support the use of regular expressions to define values in the policy configuration. To take advantage of this, you'll need a good working knowledge of regular expressions. Some online tools:

  • Regular Expression Tester: Rubular.com provides a nice online test tool.
  • Regular Expression Builder: Debuggex.com provides a more sophisticated (and more complex) tool for building and validating regular expressions.

For examples of the use of regular expressions in a policy definition, see Using the HTTP Malicious Pattern Detection Policy.

Note: regular expressions only work with certain content types. For example, you cannot use regular expressions with application/json or application/xml content.

Back to top

Using JSONPath in Policies

Some types of policies allow you to filter messages by finding a fieldname in the message body using JSONPath; for example, the Detailed Auditing policy.

An online tool for testing JSONPath:

Example #1

In the example below, a JSONPath expression is used in the Detailed Auditing Policy. This expression identifies instances of all lastfour digits in card numbers, for filtering; the policy removes this information from the log.

Note: An alternative treatment for card information is to use the Auditing Message Policy to mask the information (xxxx).

Using JSONPath in policies

The JSONPath expression:

$.cardNumber[*].lastfour
Example #2

You could use the following JSONPath expression:

$.cardNumber[*].expirationdate

This searches for the cardnumber expiration date, and removes this information from the log.

The element must be defined in the JSON Schema.

Back to top

Using XPath in Policies

XPath (XML Path Language) is a query language that you can use to find a node name in an XML document.

Some types of policies allow you to filter messages using an XPath statement; for example, the Detailed Auditing policy.

In the sample policy definition shown below, the policy will filter out the following information in messages:

  • In JSON: filters for credit card expiration date and, if found, does not log that information.
  • In XML: filters for the PaymentCard object and, if found, does not log that information.

Note: An alternative treatment for card information is to use the Auditing Message Policy to mask the information (xxxx).

The policy definition:

UsingXPath in policies

The XPath expression:

//PaymentCard

In this example, all the following XML content would be omitted in the Detailed Auditing policy, or masked in the Auditing Message Policy:

Element='<PaymentCard xmlns="http://www.example.org/OTA/2003/05"
  CardCode="VI"
  CardNumber="4321432143214327"
  CardType="1"
  ExpireDate="0614"
  SeriesCode="123">
     <CardHolderName>John Doe</CardHolderName>
   </PaymentCard>'

Back to top