The security rule editor
You can create new security rules in the security rule editor.
Do the following:
-
Open the QMC: https://<QPS server name>/qmc
- Select Security rules on the QMC start page or from the Start drop-down menu.
- Click Create new or select an existing rule and click Edit.
Depending on your needs, you can either use the Basic section, for simple rules, or use the Conditions text box in the Advanced section to create more advanced rules.
When do I use the Basic section?
The Basic section provides an efficient way to do one of the following:
- create rules that apply to one resource type only
- create the base for more advanced rules
Creating rules for one resource type only
Using the Create rule from template drop-down list (in the Identification section) to select a resource type, will set the Resource filter (in the Basic section) to that selection. It will also automatically generate a resource filter that explicitly points out that resource type. For example, selecting App access will set the resource filter to App_*. This means that the QMC will only evaluate the rule for apps.
Naming resources in the Resource filter
To add more resource types from the basic view, click the arrow to the right of the Resource filter text box and select the resources.
Creating a base for more advanced rules
You can use the Basic section to quickly create the base for a rule. For example, you can define one resource type to apply the rule to and then a set of conditions that you will manipulate with operators other than AND/OR in the Conditions text field in the Advancedsection. In the Advanced section you can use the built-in functions provided with the editor.
Backtracking between the Advanced and Basic sections
To enable synchronization between the Basic and Advanced sections (so called backtracking), extra parentheses are added to conditions created using the Basic section. Similarly, a user definition with an empty condition is automatically included in the Conditions text field if you add a resource using the Basic section. However, if you create your rule using the Advanced section only, and do not need backtracking, you do not need to follow these conventions.