Modifying Policies and Rules

On the Policies page, you can view details of policies, update their descriptions, and delete policies that are no longer needed. Additionally, you can modify the key and security rules linked to a policy.

Displaying Policies

The Policies page shows the list of configured policies with their details such as names, types, and versions. You can view the version history of policies from the Policies page. Additionally, you can delete policies from this page. In the detail view, you can view types of rules linked with the policies.

Additionally, the Policies page shows a warning banner at the top with the number of policies that have Learn Mode enabled for more than 3 days.

This section covers the following information:

Viewing Policies

To view the complete list of configured policies:

  1. Open the Transparent Encryption application.

  2. Click Policies. The Policies page shows the following details:

    Column | Description
    Name | Unique name of the policy.
    Type | Type of the policy. Can be: Standard, Live Data Transformation, Cloud Object Storage, In-place Data Transformation.
    Version | Version of the policy. Click to view the version history of the policy. Refer to Viewing Policy Version History for details.
    Updated At | Time when the policy is created or updated.
    Description | Optional description of the policy.
    Learn Mode | Whether Learn Mode is turned on for the policy. Use the toggle to turn Learn Mode on or off for the policy. Turn off Learn Mode for a policy for which you have analyzed the valid processes and users.

By default, the policies are displayed in descending order by Updated At. By default, 10 records per page are displayed. Adjust pagination and/or the number of records to display per page to view more records.

To add a new policy, click Create Policy. Refer to Creating Policies for details.

Viewing Details of Policies

To view the details of a policy:

  1. Open the Transparent Encryption application.

  2. Click Policies. The list of configured policies is displayed.

  3. Under Name, click the desired policy. The rules linked with the policy are displayed on the following tabs:

    • Security Rules

    • Key Rules

    • Data Transformation Rules (Applicable to Standard policies that contain data transformation rules)

    If a policy is in Learn Mode, a warning banner stating the following is displayed at the top of the page:
    Warning: This Policy is in Learn Mode
    To disable Learn Mode, turn off the Learn Mode toggle on the right.

  4. Click the Security Rules tab. This tab displays the following details:

    Column | Description
    Order | Sequence to enforce security rules. Rules higher in the order take higher priority.
    Resource Set | (Not applicable to Cloud Object Storage policies) Resource set linked with the rule.
    User Set | User set linked with the rule.
    Process Set | Process set linked with the rule.
    Action | Action applied to the rule. Refer to Actions for the complete list of supported actions.
    Effect | Effect applied to the rule.
    Browsing | Whether browsing of directories under the GuardPoint down to the resources in the rule is allowed. For Cloud Object Storage policies, No is displayed.

    To add a new security rule, refer to Step 2: Add Security Rules for details.

  5. Click the Key Rules tab. This tab displays the following details:

    Standard Policies

    Column | Description
    Order | Sequence to enforce key rules. Rules higher in the order take higher priority.
    Resource Set | Resource set linked with the key rule.
    Key Name / Current Key Name | Encryption key currently applied to the resource. For Data Transformation policies, the name is Current Key Name.

    Live Data Transformation Policies

    Column | Description
    Order | Sequence to enforce key rules. Rules higher in the order take higher priority.
    Resource Set | Resource set linked with the key rule.
    Current Key Name | Encryption key currently applied to the resource.
    Transformation Key Name | Encryption key to perform data transformation for LDT policies.
    Exclusion Rule | Whether to exclude the resource set from the policy.

    Cloud Object Storage Policies

    Column | Description
    Key Name | Name of the key.

    In-place Data Transformation Policies

    Column | Description
    Current Key | Name of the current encryption key.
    Transformation Key | Encryption key to perform data transformation for IDT policies.

    To add a new key rule, refer to Step 3: Add Key Rules for details.

  6. Click the Data Transformation Rules tab. This tab is displayed if the policy contains data transformation rules. This tab displays the following details:

    Column | Description
    Order | Sequence to enforce key rules. Rules higher in the order take higher priority.
    Resource Set | Resource linked with the key rule.
    Transformation Key Name | Transformation key to use for rekeying.

    To add a new data transformation rule, refer to Step 4: Add Data Transformation Rules for details.

Viewing Policy Version History

The policy version defines the number of times a policy has been changed. This number indicates the current revision only. It cannot be used to roll back to a previous version. Restore a backup to revert to a previous online policy version. The version count starts at zero when the policy is initially created and increments by one each time it is saved thereafter.

To view the version history of a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the version number of the policy. The Policy Version History popup displays the following details:

    Field | Description
    Version | Version of the policy.
    Date | Date when the version is created.
    Author | User who changed the policy.
    Comment | Description of change.

  4. Click OK.

Updating Policy Description

To update the description of a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the overflow icon (Overflow Icon) corresponding to the desired policy.

  4. Click Edit.

  5. Add or modify the Description. The policy Name and Type cannot be modified.

  6. Click Update.

The updated description appears in the policies list.

Cloning a Policy

Cloning is an efficient and simple method to create a copy of an existing policy. The clone is a separate policy and contains all the configurations of its parent policy. When cloning a policy, specify a new unique name for the clone. Also, enable or disable Learn Mode for the clone, if required.

To duplicate a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the overflow icon (Overflow Icon) corresponding to the desired policy.

  4. Click Clone.

  5. Enter a unique Name for the clone.

  6. (Optional) Provide a Description for the clone.

  7. (Optional) Turn on/off the Learn Mode toggle. Refer to Learn Mode for details.

The clone with the specified name appears at the top of the policies list.

Adding New Security Rules

To add a new security rule to a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. On the Security Rules tab, click Add Security Rule. The Add Security Rule dialog box is displayed.

  5. Specify the required details. The fields on the Add Security Rule dialog box are the same as the fields on the Create Security Rule dialog box. Refer to Step 2: Add Security Rules for details.

  6. Click Add.

The newly added security rule appears in the security rules list. Similarly, you can add more security rules to the policy.

Adding New Key Rules

To add a new key rule to a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Key Rules tab.

  5. Click Add Key Rule.

    An IDT policy can have only one key rule. So, the Add Key Rule button is not available for IDT key rules.

  6. Specify the required details. The fields on the Add Key Rule dialog box are the same as the fields on the Create Key Rule dialog box. Refer to Step 3: Add Key Rules for details.

  7. Click Add.

The newly added key rule appears in the key rules list. Similarly, you can add more key rules to the policy.

Adding New Data Transformation Rules

To add a new data transformation rule to a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Data Transformation Rules tab.

  5. Click Add Data Transformation Rule. The Add Data Transformation Rule dialog box is displayed.

  6. Specify the required details. The fields on the Add Data Transformation Rule dialog box are the same as the fields on the Create Data Transformation Rule dialog box. Refer to Step 4: Add Data Transformation Rules for details.

  7. Click Add.

The newly added data transformation rule appears in the data transformation rules list. Similarly, you can add more rules to the policy.

Modifying Security Rules

Editing Security Rules

To edit a security rule in a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Security Rules tab.

  5. Click the overflow icon (Overflow Icon) corresponding to the desired rule.

  6. Click Edit. The Edit Security Rule dialog box is displayed.

  7. Change the required fields. The fields on the Edit Security Rule dialog box are the same as the fields on the Create Security Rule dialog box. Refer to Step 2: Add Security Rules for details.

  8. Click Update.

The updated details appear in the security rules list.

Changing Order of Security Rules

To change the order of a security rule in a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Security Rules tab.

  5. Select the desired rule. Depending on the current order, the following ordering icons are activated.

    Icon | Description
    Bottom (Bottom Icon) | Move the rule to the bottom. Unavailable for the rule at the bottom.
    Down (Down Icon) | Move the rule one place lower. Unavailable for the rule at the bottom.
    Up (Up Icon) | Move the rule one place higher. Unavailable for the rule at the top.
    Top (Top Icon) | Move the rule to the top. Unavailable for the rule at the top.

  6. Click the desired icon.

The rules list shows the updated order.
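
Why the order of security rules matters, as an added example that is not Thales code: a simplified Python model in which the first matching rule decides the outcome, which is how "rules higher in the order take higher priority" is interpreted here. The rule fields, set names, effect names, the `*` wildcard and the deny-on-no-match default are assumptions of this sketch. It also models the Top, Up, Down and Bottom moves and reports rules that an earlier rule makes unreachable.

```python
from dataclasses import dataclass

ANY = "*"  # constructed wildcard: a rule field that matches everything

@dataclass(frozen=True)
class Rule:  # simplified columns of the Security Rules tab
    user_set: str
    process_set: str
    action: str
    effect: str  # "permit" / "deny" are assumed effect names

def evaluate(rules, user_sets, process_sets, action):
    """Return (order, effect) of the first rule matching the request."""
    for order, r in enumerate(rules, start=1):
        if (r.user_set in (ANY, *user_sets)
                and r.process_set in (ANY, *process_sets)
                and r.action in (ANY, action)):
            return order, r.effect
    return None, "deny"  # assumption of this model: no match, no access

def move(rules, order, where):
    """Model the Top / Up / Down / Bottom icons; returns a new list."""
    if not 1 <= order <= len(rules):
        raise ValueError(f"no rule at order {order}")
    i, last = order - 1, len(rules) - 1
    target = {"top": 0, "up": i - 1, "down": i + 1, "bottom": last}[where]
    if target == i or not 0 <= target <= last:
        raise ValueError(f"{where} is unavailable for the rule at order {order}")
    reordered = list(rules)
    reordered.insert(target, reordered.pop(i))
    return reordered

def shadowed(rules):
    """Orders of rules that can never fire: an earlier rule covers every field."""
    def covers(a, b):
        pairs = ((a.user_set, b.user_set), (a.process_set, b.process_set),
                 (a.action, b.action))
        return all(x in (ANY, y) for x, y in pairs)
    return [n for n, r in enumerate(rules, start=1)
            if any(covers(e, r) for e in rules[:n - 1])]

# Constructed policy, in the order shown on the Security Rules tab.
POLICY = [
    Rule("app-users", ANY, "read", "permit"),
    Rule(ANY, "backup-procs", "read", "permit"),
    Rule("contractors", ANY, ANY, "deny"),
    Rule(ANY, ANY, ANY, "deny"),
]
```

In this constructed policy a user who belongs to both `app-users` and `contractors` is permitted by rule 1 until the `contractors` deny rule is moved to the top; moving the catch-all rule to the top instead leaves every other rule unreachable.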

Deleting Security Rules

To delete security rules from a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Security Rules tab.

  5. Select the check boxes corresponding to the desired rules.

    To select all rules visible on the page for deletion, select the top check box to the left of the Order heading.

  6. Click the delete icon (Delete Icon).

The selected rules are removed from the security rules list.

Modifying Key Rules

Modifying key rules linked with a policy involves:

Editing Key Rules

To edit a key rule in a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Key Rules tab.

  5. Click the overflow icon (Overflow Icon) corresponding to the desired rule.

  6. Click Edit. The Edit Key Rule dialog box is displayed.

  7. Change the required fields. The fields on the Edit Key Rule dialog box are the same as the fields on the Create Key Rule dialog box. Refer to Step 3: Add Key Rules for details.

  8. Click Update.

The updated details appear in the key rules list.

Changing Order of Key Rules

To change the order of a key rule in a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Key Rules tab.

  5. Select the desired rule. Depending on the current order, the following ordering icons are activated.

    Icon | Description
    Bottom (Bottom Icon) | Move the rule to the bottom. Unavailable for the rule at the bottom.
    Down (Down Icon) | Move the rule one place lower. Unavailable for the rule at the bottom.
    Up (Up Icon) | Move the rule one place higher. Unavailable for the rule at the top.
    Top (Top Icon) | Move the rule to the top. Unavailable for the rule at the top.

  6. Click the desired icon.

The key rules list shows the updated order.

Deleting Key Rules

To delete key rules from a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

    The key rule linked with an IDT policy cannot be deleted from the CipherTrust Manager. However, you can update the key rule when required (refer to Editing Key Rules).

  4. Click the Key Rules tab.

  5. Select the check boxes corresponding to the desired rules.

    To select all rules visible on the page for deletion, select the top check box to the left of the Order heading.

  6. Click the delete icon (Delete Icon).

The selected rules are removed from the key rules list.

Modifying Data Transformation Rules

Modifying data transformation rules linked with a policy involves:

Editing Data Transformation Rules

To edit a data transformation rule in a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Data Transformation Rules tab.

  5. Click the overflow icon (Overflow Icon) corresponding to the desired rule.

  6. Click Edit. The Edit Data Transformation Rule dialog box is displayed.

  7. Change the required fields. The fields on the Edit Data Transformation Rule dialog box are the same as the fields on the Create Data Transformation Rule dialog box. Refer to Step 4: Add Data Transformation Rules for details.

  8. Click Update.

The updated details appear in the data transformation rules list.

Changing Order of Data Transformation Rules

To change the order of a data transformation rule in a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Data Transformation Rules tab.

  5. Select the desired rule. Depending on the current order, the following ordering icons are activated.

    Icon | Description
    Bottom (Bottom Icon) | Move the rule to the bottom. Unavailable for the rule at the bottom.
    Down (Down Icon) | Move the rule one place lower. Unavailable for the rule at the bottom.
    Up (Up Icon) | Move the rule one place higher. Unavailable for the rule at the top.
    Top (Top Icon) | Move the rule to the top. Unavailable for the rule at the top.

  6. Click the desired icon.

The rules list shows the updated order.

Deleting Data Transformation Rules

To delete data transformation rules from a policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the desired policy.

  4. Click the Data Transformation Rules tab.

  5. Select the check boxes corresponding to the desired rules.

    To select all rules visible on the page for deletion, select the top check box to the left of the Order heading.

  6. Click the delete icon (Delete Icon).

The selected rules are removed from the data transformation rules list.

Deleting Policies

CipherTrust Manager provides options to delete single or multiple policies.

Deleting Single Policies

To delete a single policy:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Click the overflow icon (Overflow Icon) corresponding to the desired policy.

  4. Click Delete.

The selected policy is removed from the policies list.

Deleting Multiple Policies

To delete single or multiple policies:

  1. Open the Transparent Encryption application.

  2. In the left pane, click Policies.

  3. Select the check boxes corresponding to the desired policies.

    To select all policies visible on the page for deletion, select the top check box to the left of the Name heading.

  4. Click the delete icon (Delete Icon).

The selected policies are removed from the policies list.