The security rule editor

You can create new security rules in the security rule editor.

Do the following:

  1. Select Security rules on the QMC start page or from the StartS drop-down menu.
  2. Click P Create new or select an existing rule and click Edit.

Depending on your needs, you can either use the Basic section, for simple rules, or use the Conditions text box in the Advanced section to create more advanced rules.

Note: When you create rules using the Advanced section, you need to specify the Actions in the Basic section.
Tip: Some resource types, such as streams and data connections, provide the possibility to edit and create associated rules directly, without requiring access to the security rules section. Remember that when you delete the parent object, the associated rules are also deleted.

When do I use the Basic section?

The Basic section provides an efficient way to do one of the following:

  • create rules that apply to one resource type only
  • create the base for more advanced rules

Creating rules for one resource type only

Using the Create rule from template drop-down list (in the Identification section) to select a resource type, will set the Resource filter (in the Advanced section) to that selection. It will also automatically generate a resource filter that explicitly points out that resource type. For example, selecting App access will set the resource filter to App_*. This means that the QMC will only evaluate the rule for apps. 

Naming resources in the Resource filter

However, you cannot select more than one resource type from the basic view. If you want to add more resource types to the resource filter, or the resource conditions, you must edit the Resource filter and Conditions fields in the Advanced section.

Creating a base for more advanced rules

You can use the Basic section to quickly create the base for a rule. For example, you can define one resource type to apply the rule to and then a set of conditions that you will manipulate with operators other than AND/OR in the Conditions text field in the Advancedsection. Using the Advanced section also enables you to use the built-in functions provided with the editor.

Security rule conventions

Backtracking between the Advanced and Basic sections

To enable synchronization between the Basic and Advanced sections (so called backtracking), extra parentheses are added to conditions created using the Basic section. Similarly, a user definition with an empty condition is automatically included in the Conditions text field if you add a resource using the Basic section. However, if you create your rule using the Advanced section only, and do not need backtracking, you do not need to follow these conventions.